deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-25 03:37:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #6875 from illfated/password-length

Browse Source 
Security/Threat protection: password length values
This commit is contained in:
Denise Vangel-MSFT 2020-06-02 12:09:14 -07:00 committed by GitHub
commit b4223853c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/threat-protection/security-policy-settings/minimum-password-length.md
View File

@ -20,18 +20,18 @@ ms.date: 04/19/2017
# Minimum password length # Minimum password length
**Applies to** **Applies to**
- Windows 10 - Windows 10
Describes the best practices, location, values, policy management, and security considerations for the **Minimum password length** security policy setting. Describes the best practices, location, values, policy management, and security considerations for the **Minimum password length** security policy setting.
## Reference ## Reference
The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 20 characters, or you can establish that no password is required by setting the number of characters to 0.
### Possible values ### Possible values
- User-specified number of characters between 0 and 14 - User-specified number of characters between 0 and 20
- Not defined - Not defined
### Best practices ### Best practices
@ -80,7 +80,8 @@ Configure the **** policy setting to a value of 8 or more. If the number of char
In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack. In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack.
>**Note:**  Some jurisdictions have established legal requirements for password length as part of establishing security regulations. > [!NOTE]
> Some jurisdictions have established legal requirements for password length as part of establishing security regulations.
### Potential impact ### Potential impact