Passwords Overview

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

This topic for the IT professional describes passwords as used in the Windows operating systems, and links to documentation and discussions about the use of passwords in a credential management strategy.

Feature description

Operating systems and applications today are architected around passwords and even if you use smart cards or biometric systems, all accounts still have passwords and they can still be used in some circumstances. Some accounts, notably accounts used to run services, cannot even use smart cards and biometric tokens and therefore must use a password to authenticate. Windows protects passwords using cryptographic hashes.

For more information about Windows passwords, see Passwords Technical Overview.

Practical applications

In Windows and many other operating systems, the most common method for authenticating a user's identity is to use a secret passphrase or password. Securing your network environment requires that strong passwords be used by all users. This helps avoid the threat of a malicious user guessing a weak password, whether through manual methods or by using tools, to acquire the credentials of a compromised user account. This is especially true for administrative accounts. When you change a complex password regularly, it reduces the likelihood of a password attack compromising that account.

New and changed functionality

In Windows Server 2012 and Windows 8, picture passwords are new. Picture passwords are a combination of a user selected image coupled with a series of gestures. Picture password functionality is disabled on domain-joined computers. Links to more information about picture passwords are listed in See Also below.

There has been no change to password functionality in Windows Server 2012 and Windows 8. No new Group Policy settings have been added. However, improvements and enhancements have been made in credential (and password) management, such as with picture passwords, Credential Locker and signing in to Windows 8 with a Microsoft account, formerly known as a Windows Live ID.

Deprecated functionality

No password functionality has been deprecated in Windows Server 2012 and Windows 8.

Software requirements

In enterprise environments, passwords are typically managed with Active Directory Domain Services. Passwords can also be managed on the local computer using the settings in local Security Settings, Account Policies, Password Policy.

This table lists additional resources for password features, technology and credential management.

Content type References
Scenario documentation Protecting your digital identity
Operations Active Directory Users and Computers
Troubleshooting Find out when your Password Expires - Active Directory PowerShell Blog
Security Windows Server 2008 R2 and Windows 7 Threats and Countermeasures Guide: Account Policies

Guidance to change and create strong passwords
Tools and settings Group Policy Settings Reference for Windows and Windows Server on the Microsoft Download Center
Community resources Protecting your digital identity

Signing in to Windows 8 with a Windows Live ID

Signing in with a picture password

Optimizing picture password security