Re: Password Policy best Practice...




I concur with Larry, and it is even backed by a Microsoft document... lol

http://www.microsoft.com/smallbusiness/support/articles/select_sec_passwords.mspx



"Larry Struckmeyer [SBS-MVP]" <lstruckmeyer@xxxxxxxxxxxxxxx> wrote in
message news:e3y5$iUFJHA.2476@xxxxxxxxxxxxxxxxxxxxxxx
Hi Bill:

I recommend that you use pass phrases instead of passwords. They are
easier to remember, easily modifiable, and virtually unbreakable.

There is a limitation in Windows that up to 15 characters the password can
be extracted from the database.

http://en.wikipedia.org/wiki/LM_hash

More than that, it is both too complex for attack and cannot be extracted
from the database. Therefore I recommend "passwords" such as:

My Team 36 Your Team 24!!

My Car is Red *.*

I use the "same" pass phrase on every server that I administer. Same
because I can simply think about where I am and the name of the company
and the password is self-evident in the context of the place.

Company + Location + 8 weird characters.

The weird characters could easily be incremented on a 30, 60 or X day
schedule as no one would forget that they were 120 and now they are 121 in
the numerical part of the passphrase. I can argue that a 15+ position
pass phrase is unbreakable, especially if you institute a lock out policy,
but changing it on a regular schedule is still a good idea.

-Larry



"bill" <bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:518B6862-B07A-4779-B737-D517C319097B@xxxxxxxxxxxxxxxx
Hi,

We use Remote Web Access on SBS2003. Is there a Microsoft recommendation
for the time between required password changes?
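
The LM hash format linked in the thread, as an added example that is not part of any poster's message: it shows the preprocessing LM applies (uppercase, pad to 14 bytes, split into two 7-byte halves) and why a 15+ character phrase has no LM form. The function names and the short sample password are constructed for illustration, ASCII is assumed instead of the OEM code page, and the DES step is left out.

```python
import math

LM_MAX_LEN = 14        # LM works on exactly 14 bytes of password material
LM_ALPHABET = 95 - 26  # printable ASCII with lowercase folded to uppercase
FULL_ALPHABET = 95     # printable ASCII, case preserved


def lm_halves(password):
    """Return the two 7-byte blocks LM would hash separately, or None if the
    password is too long (15+ characters) to be represented as an LM hash."""
    if len(password) > LM_MAX_LEN:
        return None
    # Simplification: real LM uses the OEM code page; ASCII is assumed here.
    raw = password.upper().encode("ascii", "replace")
    raw = raw.ljust(LM_MAX_LEN, b"\x00")
    return raw[:7], raw[7:]


def lm_search_bits():
    """log2 of the rough worst-case guesses against an LM hash: the halves
    are attacked independently, so the cost is 2 * 69^7, not 69^14."""
    return math.log2(2 * LM_ALPHABET ** 7)


def full_search_bits(length):
    """Ceiling for a case-sensitive search of `length` random characters.
    Phrases built from ordinary words fall well below this ceiling."""
    return length * math.log2(FULL_ALPHABET)


if __name__ == "__main__":
    samples = ["Red Car 24!",                 # constructed, 11 characters
               "My Car is Red *.*",           # from the thread, 17 characters
               "My Team 36 Your Team 24!!"]   # from the thread, 25 characters
    for pw in samples:
        halves = lm_halves(pw)
        if halves is None:
            print(f"{len(pw):2d} chars: no LM form, ceiling "
                  f"{full_search_bits(len(pw)):.0f} bits")
        else:
            print(f"{len(pw):2d} chars: LM halves {halves}, "
                  f"about {lm_search_bits():.0f} bits")
```

Whether a given Windows system stores LM hashes at all also depends on its configuration, so passphrase length is one control among several.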


