Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016
This topic for the IT professional describes passwords as used in the Windows operating systems, and links to documentation and discussions about the use of passwords in a credential management strategy.
Operating systems and applications today are architected around passwords and even if you use smart cards or biometric systems, all accounts still have passwords and they can still be used in some circumstances. Some accounts, notably accounts used to run services, cannot even use smart cards and biometric tokens and therefore must use a password to authenticate. Windows protects passwords using cryptographic hashes.
For more information about Windows passwords, see Passwords Technical Overview.
In Windows and many other operating systems, the most common method for authenticating a user's identity is to use a secret passphrase or password. Securing your network environment requires that strong passwords be used by all users. This helps avoid the threat of a malicious user guessing a weak password, whether through manual methods or by using tools, to acquire the credentials of a compromised user account. This is especially true for administrative accounts. When you change a complex password regularly, it reduces the likelihood of a password attack compromising that account.
New and changed functionality
In Windows Server 2012 and Windows 8, picture passwords are new. Picture passwords are a combination of a user selected image coupled with a series of gestures. Picture password functionality is disabled on domain-joined computers. Links to more information about picture passwords are listed in See Also below.
There has been no change to password functionality in Windows Server 2012 and Windows 8. No new Group Policy settings have been added. However, improvements and enhancements have been made in credential (and password) management, such as with picture passwords, Credential Locker and signing in to Windows 8 with a Microsoft account, formerly known as a Windows Live ID.
No password functionality has been deprecated in Windows Server 2012 and Windows 8.
In enterprise environments, passwords are typically managed with Active Directory Domain Services. Passwords can also be managed on the local computer using the settings in local Security Settings, Account Policies, Password Policy.
This table lists additional resources for password features, technology and credential management.
|Scenario documentation||Protecting your digital identity|
|Operations||Active Directory Users and Computers|
|Troubleshooting||Find out when your Password Expires - Active Directory PowerShell Blog|
|Security||Windows Server 2008 R2 and Windows 7 Threats and Countermeasures Guide: Account Policies
Guidance to change and create strong passwords
|Tools and settings||Group Policy Settings Reference for Windows and Windows Server on the Microsoft Download Center|
|Community resources||Protecting your digital identity
Signing in to Windows 8 with a Windows Live ID
Signing in with a picture password
Optimizing picture password security