deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Security/Threat protection: password length values

Browse Source 
Description:

As requested by Program Manager Robert Durff (MSRobertD) in issue
ticket #6856 (Bug: Password length value range is inaccurate.), the
upper value for the supported values for password length should be 20
instead of only 14, verified in preliminary field testing of the GPO
Password Policy, described on this page.

The actual upper limit may very well be higher, but 20 is a reasonable
value to be used for now, until someone documents the need for higher
accuracy in the documentation of this value for the GPO Password Policy.

Changes proposed:
- Replace 14 with 20 in both occurrences of 14 as the upper value
- Convert Note text in line 83 to a MarkDown Note blob (MS codestyle)
- Whitespace adjustments:
    - Normalize bullet point list spacing to 1 (codestyle) (3 lines)
    - Remove redundant end-of-line spacing (8 lines)

Ticket closure or reference:

Closes #6856
This commit is contained in:
illfated
2020-06-02 19:56:00 +02:00
parent 5a24c8f101
commit 3a52c98053
1 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/security/threat-protection/security-policy-settings/minimum-password-length.md
View File

@ -26,11 +26,11 @@ Describes the best practices, location, values, policy management, and security
## Reference ## Reference
The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 20 characters, or you can establish that no password is required by setting the number of characters to 0.
### Possible values ### Possible values
- User-specified number of characters between 0 and 14 - User-specified number of characters between 0 and 20
- Not defined - Not defined
### Best practices ### Best practices
@ -80,7 +80,8 @@ Configure the **** policy setting to a value of 8 or more. If the number of char
In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack. In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack.
>**Note:**  Some jurisdictions have established legal requirements for password length as part of establishing security regulations. > [!NOTE]
> Some jurisdictions have established legal requirements for password length as part of establishing security regulations.
### Potential impact ### Potential impact