From 68c3bd55b7573d765bee63ad7df337b7dd519e55 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 25 Mar 2020 14:32:25 +0200 Subject: [PATCH 1/3] add note about best practices https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6040 --- .../password-must-meet-complexity-requirements.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 20fd54f909..ecc8a51c2b 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -59,6 +59,9 @@ Additional settings that can be included in a custom Passfilt.dll are the use of ### Best practices +> [!NOTE] +> For the latest best practices, please check [this article](https://www.microsoft.com/en-us/research/publication/password-guidance/). + Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This makes a brute force attack difficult, but still not impossible. The use of ALT key character combinations can greatly enhance the complexity of a password. However, requiring all users in an organization to adhere to such stringent password requirements can result in unhappy users and an extremely busy Help Desk. Consider implementing a requirement in your organization to use ALT characters in the range from 0128 through 0159 as part of all administrator passwords. (ALT characters outside of this range can represent standard alphanumeric characters that do not add additional complexity to the password.) 
From 728dd5cdeaa0b15c3a268122b63b5e090557c6a1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 25 Mar 2020 09:00:44 -0700 Subject: [PATCH 2/3] Update password-must-meet-complexity-requirements.md --- .../password-must-meet-complexity-requirements.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index ecc8a51c2b..b32a32dad0 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/08/2017 --- # Password must meet complexity requirements @@ -60,7 +59,7 @@ Additional settings that can be included in a custom Passfilt.dll are the use of ### Best practices > [!NOTE] -> For the latest best practices, please check [this article](https://www.microsoft.com/en-us/research/publication/password-guidance/). +> For the latest best practices, see [Password Guidance](https://www.microsoft.com/research/publication/password-guidance). Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This makes a brute force attack difficult, but still not impossible. From 6b56302223467c6e3cab35e72525e406a8b2bbac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 25 Mar 2020 09:01:19 -0700 Subject: [PATCH 3/3] Update password-must-meet-complexity-requirements.md --- .../password-must-meet-complexity-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index b32a32dad0..b713a96ecb 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -58,7 +58,7 @@ Additional settings that can be included in a custom Passfilt.dll are the use of ### Best practices -> [!NOTE] +> [!TIP] > For the latest best practices, see [Password Guidance](https://www.microsoft.com/research/publication/password-guidance). Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This makes a brute force attack difficult, but still not impossible. @@ -106,6 +106,6 @@ If your organization has more stringent security requirements, you can create a The use of ALT key character combinations can greatly enhance the complexity of a password. However, such stringent password requirements can result in additional Help Desk requests. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the 0128–0159 range. (ALT characters outside of this range can represent standard alphanumeric characters that would not add additional complexity to the password.) -## Related topics +## Related articles - [Password Policy](password-policy.md)
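Review bot: In [PATCH 1/3], hunk `@@ -59,6 +59,9 @@`, the added callout does not say how the linked "latest best practices" relate to the paragraph directly below it, which still tells the reader to set **Passwords must meet complexity requirements** to Enabled with a minimum password length of 8. A reader who follows the link and finds different advice has no indication of which recommendation this page endorses. Suggest adding one sentence to the callout stating which guidance takes precedence where the two differ. The non-descriptive link text ("this article") and the locale-specific `/en-us/` URL are also worth fixing here; [PATCH 2/3] does address those two points.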
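Review bot: In [PATCH 2/3], hunk `@@ -14,7 +14,6 @@`, the line `ms.date: 09/08/2017` is removed from the front matter without explanation. The commit subject ("Update password-must-meet-complexity-requirements.md") does not mention it, and it is unrelated to the link rewording in the second hunk. Suggest either replacing the value with the date of this revision or stating in the commit message why the field is dropped, so that readers and tooling can still tell how current the best-practices text is.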
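Review bot: In [PATCH 3/3], hunk `@@ -58,7 +58,7 @@`, the switch from `> [!NOTE]` to `> [!TIP]` is the third consecutive commit touching the same callout, and it ships under the same generic subject line as 2/3 together with an unrelated heading rename ("## Related topics" to "## Related articles") in the second hunk. Suggest squashing the series into one commit with a subject that names the change (callout added, link updated, heading renamed). It is also worth confirming that TIP is the intended alert level, since a tip reads as optional while the callout points to the latest best practices for this setting.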