From b44044b0b6ea48cbaf5fb52812d9f6e8935f58e3 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Sat, 20 Jun 2020 22:17:56 -0400 Subject: [PATCH] Update windows/security/threat-protection/security-policy-settings/minimum-password-length.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security-policy-settings/minimum-password-length.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index a47acd4f82..35eaa8ac76 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -35,7 +35,7 @@ The **Minimum password length** policy setting determines the least number of ch ### Best practices -Set Minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it is long enough to provide adequate security and still short enough for users to easily remember. Minimum Password Length of greater than 14 is not supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md). +Set Minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it is long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 is not supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md). Permitting short passwords reduces security because short passwords can be easily broken with tools that perform dictionary or brute force attacks against the passwords. Requiring very long passwords can result in mistyped passwords that might cause an account lockout and subsequently increase the volume of Help Desk calls.