Password Complexity Requirements

Marty Amaral

Part of the password complexity requirements states that
your password can contain your account or full name. Is
that to mean that it can not contain any part of those
names, or just the full and correct account or full name?

For example, if my full name is john smith, and my
account name is jsmith, can I use the following password?

Sjohn1234 or SmithJ1234 or would those give me the "Does
not meet requirements..." error?

Marty

The password supplied does not meet the minimum
complexity requirements. Please select another password
that meets all of the following criteria:

is at least x characters;
has not been used in the previous x passwords;
does not contain your account or full name;
contains at least three of the following four character groups:
    English uppercase characters (A through Z);
    English lowercase characters (a through z);
    Numerals (0 through 9);
    Non-alphabetic characters (such as !, $, #, %)
 

Joe Richards [MVP]

These are the "official" filter rules for W2K3
(http://www.microsoft.com/technet/tr...hnol/windowsserver2003/proddocs/entserver/504
..asp)

a.. Not contain all or part of the user's account name
b.. Be at least six characters in length
c.. Contain characters from three of the following four categories:
    a.. English uppercase characters (A through Z)
    b.. English lowercase characters (a through z)
    c.. Base 10 digits (0 through 9)
    d.. Non-alphabetic characters (for example, !, $, #, %)

Though I know that it is actually "can not contain your account name or any part of user's full name."

If the full account name is in the password it will fail, it isn't a part of the account name at all. I will submit a
change in the docs for the web page above.

As for the full name part, it breaks the full name up into tokens terminated by the standard word break characters such
as space, tab, comma, dash, underscore, or #. If the token is less than 3 characters it will be ignored.

So yes, both of the passwords below (Sjohn1234 or SmithJ1234) should FAIL, assuming the full name is indeed "john
smith". The first would be busted due to john and the second due to smith. If the full name were listed as JohnSmith
however, those passwords would be ok.

Note that this is based on W2K3 RTM, it may change in a future hot fix or SP.

joe
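
The name check described in the reply above, as an added example that is not part of the original thread and is not Microsoft's filter code. The function names are hypothetical, the delimiter set is limited to the characters named in the reply, and case-insensitive matching is an assumption drawn from the Sjohn1234 / SmithJ1234 examples; the password-history rule is not modelled.

```python
import re

# Word-break characters named in the reply: space, tab, comma, dash, underscore, '#'.
NAME_DELIMITERS = r"[ \t,\-_#]+"
MIN_TOKEN_LEN = 3  # full-name tokens shorter than this are ignored
MIN_LENGTH = 6     # "at least six characters" in the quoted W2K3 rules


def name_tokens(full_name):
    """Split the full name on the delimiters and drop tokens that are too short."""
    return [t for t in re.split(NAME_DELIMITERS, full_name) if len(t) >= MIN_TOKEN_LEN]


def character_groups(password):
    """Count how many of the four character groups occur in the password."""
    return sum((
        any("A" <= c <= "Z" for c in password),
        any("a" <= c <= "z" for c in password),
        any("0" <= c <= "9" for c in password),
        any(not c.isalnum() for c in password),  # assumption: symbols such as ! $ # %
    ))


def check_password(password, account_name, full_name):
    """Return the list of reasons the password is rejected (empty list = accepted)."""
    reasons = []
    lowered = password.lower()  # assumption: comparison ignores case
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if character_groups(password) < 3:
        reasons.append("fewer than three character groups")
    # Account name: only the whole name counts, not a fragment of it.
    if account_name and account_name.lower() in lowered:
        reasons.append("contains account name")
    # Full name: each surviving token is searched for separately.
    for token in name_tokens(full_name):
        if token.lower() in lowered:
            reasons.append(f"contains full-name token '{token}'")
    return reasons


if __name__ == "__main__":
    # Constructed sample input taken from the question in this thread.
    for full in ("john smith", "JohnSmith"):
        for pw in ("Sjohn1234", "SmithJ1234"):
            print(f"{full!r:14} {pw:12} {check_password(pw, 'jsmith', full) or 'accepted'}")
```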
 
