Windows Password Policy: What exactly do the complexity requirements involve?

I am currently viewing this feature in Windows 7, but I imagine it is very similar if not identical in many of the other Windows OS versions.

I am looking for an explanation of the exact rules for windows password complexity requirements. By this I mean the setting that is available in the following location:

Control Panel > Administrative Tools > Local Security Policy > Account Policies > Password Policy > "Password must meet complexity requirements"

If you open the properties for this option and select the "Explain" tab, it provides the following list of rules:

Password must meet complexity requirements

This security setting determines whether passwords must meet complexity requirements.

If this policy is enabled, passwords must meet the following minimum requirements:

Not contain the user's account name or parts of the user's full name that exceed two consecutive characters

Be at least six characters in length

Contain characters from three of the following four categories:

English uppercase characters (A through Z)

English lowercase characters (a through z)

Base 10 digits (0 through 9)

Non-alphabetic characters (for example, !, $, #, %)

For the sake of providing a complete answer then feel free to explain each rule in detail, however I am personally only interested in an explanation of the following extract:

Not contain the user's account name or parts of the user's full name that exceed two consecutive characters

What exactly does this mean? It would be very useful to see some examples of passwords that would pass and fail this rule check.

musefan

Posted 2014-03-25T14:29:24.567

Reputation: 165

Answers

2

From a TechNet forum post:

If the account name is less than three characters long, this check is not performed because the rate at which passwords would be rejected is too high.

When checking against the user's full name, several characters are treated as delimiters that separate the name into individual tokens: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs.

For each token that is three or more characters long, that token is searched for in the password; if it is present the password change is rejected.

For example, the name "Joey M. Williams" would be split into three tokens:

Joey, M and Williams

Because the second token is only one character long, it would be ignored. Therefore, this user could not have a password that included either "Joey" or "Williams" as a substring anywhere in the password.

All of these checks are case insensitive.

Note: For clarification, the two consecutive characters restriction applies to the splitting of the strings, not the password complexity.

e.g. "Joey M. Williams" could use JoeP@$$w0rd but not JoeyP@$$w0rd

dkanejs

Posted 2014-03-25T14:29:24.567

Reputation: 675
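The token-splitting and category rules described in the answer above, written out as an added example (this is illustrative code, not Microsoft's implementation; the delimiter set, the account-name length cutoff and the treatment of the fourth category as "any non-alphanumeric character" are assumptions taken from the text on this page):

```python
import re

# Delimiters the TechNet description lists for splitting the full name:
# commas, periods, dashes/hyphens, underscores, spaces, pound signs and tabs.
_DELIMITER_RE = re.compile(r"[,.\-_ #\t]+")


def name_tokens(full_name: str) -> list:
    """Split the full name into tokens and keep only those of 3+ characters."""
    return [t for t in _DELIMITER_RE.split(full_name) if len(t) >= 3]


def contains_name(password: str, account_name: str, full_name: str) -> bool:
    """Case-insensitive check for the account name and each full-name token."""
    pw = password.lower()
    # Account names shorter than three characters are not checked at all.
    if len(account_name) >= 3 and account_name.lower() in pw:
        return True
    return any(token.lower() in pw for token in name_tokens(full_name))


def category_count(password: str) -> int:
    """Count how many of the four character categories the password uses."""
    categories = [
        any("A" <= c <= "Z" for c in password),   # English uppercase
        any("a" <= c <= "z" for c in password),   # English lowercase
        any("0" <= c <= "9" for c in password),   # base 10 digits
        any(not c.isalnum() for c in password),   # assumed: anything else (e.g. ! $ # %)
    ]
    return sum(categories)


def meets_complexity(password: str, account_name: str, full_name: str) -> tuple:
    """Apply the three rules from the policy's Explain tab; return (ok, reason)."""
    if len(password) < 6:
        return False, "shorter than six characters"
    if contains_name(password, account_name, full_name):
        return False, "contains the account name or a full-name token of 3+ characters"
    if category_count(password) < 3:
        return False, "uses fewer than three of the four character categories"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: the user from the answer, account name assumed to be "jwilliams".
    for candidate in ("JoeP@$$w0rd", "JoeyP@$$w0rd", "williamsX1!", "abcdef"):
        print(candidate, meets_complexity(candidate, "jwilliams", "Joey M. Williams"))
```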

OK that certainly makes sense, but just to be clear is it the full token only? For example, is it only "joey" or would "joe" be rejected? Also there is a fair bit of "taking your word for it" here, do you have any links to backup your answer? – musefan – 2014-03-25T14:45:32.123

'Joe' would not be rejected. The "consecutive character" description applies to the token length restriction. My definition was taken from the MS TechNet, see here.

– dkanejs – 2014-03-25T14:54:45.980

Thanks, your edit clears it up, and the link is good enough for me :) – musefan – 2014-03-25T15:05:45.620

@Geditdk while we appreciate the time you took to answer this question, please cite the source of your answers, especially when you just copy/paste 99% of it from another site.

– Ƭᴇcʜιᴇ007 – 2014-03-25T16:02:59.103

@techie007 Of course, I meant to cite my source originally but it ended up in a comment, instead of an edit. – dkanejs – 2014-03-25T16:07:11.887

No problem, I actually missed it in the comment. :/ I stuck it in the answer for ya. :) – Ƭᴇcʜιᴇ007 – 2014-03-25T16:08:22.780

@Geditdk: Just so you know, I also found this which pretty much confirms exactly what you have said

– musefan – 2014-03-25T17:01:44.233