ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

Recommendation on Password Policy:
  • Status: first draft proposed by Steve Lasley 4/2/02
    awaiting elaboration by ICC

    Password Policy Default Setting Current IFAS Settings Proposed Settings under NT Proposed Settings under Win2K
    Enforce password history 1 password remembered 20 passwords remembered 10 passwords remembered 10 passwords remembered
    Maximum password age 42 days 180 days 180 days 180 days
    Minimum password age 0 days 0 days 2 days 2 days
    Minimum password length 0 characters 6 characters 8 characters 8 characters
    Password must meet complexity requirements Disabled Disabled Disabled Enabled
    Store password using reversible encryption for all users in the domain Disabled Disabled Disabled Disabled
    Account Lockout Duration Not Defined 30 minutes 20 minutes 20 minutes
    Account Lockout Threshold 0 5 invalid logon attempts 5 invalid logon attempts 5 invalid logon attempts
    Reset account lockout after Not Defined 60 minutes 20 minutes 20 minutes

last edited 18 April 2002 by Steve Lasley