Applies To: Windows SBS 2008
After implementing strong password policies, educate users about strong and weak passwords. Ask users to treat their password as they would private information, such as a credit card personal identification number (PIN).
Following are typical guidelines for creating a strong password. When implemented, they provide protection for your local network.
A password should not include any of the following:
All or part of the user's account name.
User's name or e-mail alias.
Name of the user's child, parent, spouse/partner, or friend.
Any word found in a dictionary.
Old password that is reused by appending numbers.
User's birth date.
User's phone number.
User's Social Security Number or other identification number.
Any easily obtained personal information (for example, a city of birth).
A strong password consists of the following:
At least eight characters.
Characters from three of the following four categories:
Uppercase letters (A through Z)
Lowercase letters (a through z)
Numbers (0 through 9)
Non-alphanumeric characters (for example, !, $, #, %)
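The guidelines above can be turned into an automated check. The following is an added example, not code from the original page or from Windows SBS; the function names, the constructed sample word list, and the 3- and 4-character matching thresholds are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "monkey"}

def category_count(pw):
    """Number of the four character categories (upper, lower, digit, other) present."""
    return sum(bool(re.search(p, pw)) for p in (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"))

def check_password(pw, account, full_name="", old_passwords=(), personal=(), words=SAMPLE_WORDS):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    low, problems = pw.lower(), []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if category_count(pw) < 3:
        problems.append("fewer than three character categories")
    # "All or part of the account name": any 3-character run (length is an assumption).
    acct = account.lower()
    if any(acct[i:i + 3] in low for i in range(len(acct) - 2)):
        problems.append("contains part of the account name")
    # Name or e-mail alias, split into tokens of 3+ characters.
    if any(len(t) >= 3 and t in low for t in re.findall(r"[a-z0-9]+", full_name.lower())):
        problems.append("contains the user's name")
    # Dictionary word once digits and symbols are stripped.
    if re.sub(r"[^a-z]", "", low) in words:
        problems.append("is a dictionary word")
    # Old password reused by appending (or changing) trailing numbers.
    stem = low.rstrip("0123456789")
    if any(stem == old.lower().rstrip("0123456789") for old in old_passwords):
        problems.append("reuses an old password with numbers appended")
    # Birth date, phone number, ID number, city of birth: match 4+ character pieces.
    for item in personal:
        pieces = re.findall(r"[a-z0-9]+", item.lower()) + [re.sub(r"\D", "", item)]
        if any(len(p) >= 4 and p in low for p in pieces):
            problems.append("contains personal information")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample user, not real data.
    user = dict(account="jsmith", full_name="John Smith", old_passwords=["Harbor!Kite1"],
                personal=["1984-03-07", "555-0142", "Leeds"])
    for candidate in ("Summer1", "smith1984", "Harbor!Kite22", "Tr4vel-Lamp-9"):
        print(candidate, "->", check_password(candidate, **user) or "OK")
```

A check like this is suited to the moment a password is set or changed, so the plaintext is only ever handled in memory and is never stored or logged.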