Adapted from Microsoft articles of strong password creation.
The role that passwords play in securing an organization's network is often underestimated and overlooked. Passwords provide the first line of defense against unauthorized access to your organization. The Microsoft® Windows Server 2003 family has a new feature that checks the complexity of the password for the Administrator account during setup of the operating system. If the password is blank or does not meet complexity requirements, the Windows Setup dialog box appears, warning you of the dangers of not using a strong password for the Administrator account. If you leave this password blank, you will not be able to access this account over the network.
Weak passwords provide attackers with easy access to your computers and network, while strong passwords are considerably harder to crack, even with the password-cracking software that is available today. Password-cracking tools continue to improve, and the computers that are used to crack passwords are more powerful than ever. Password-cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and brute-force automated attacks that try every possible combination of characters. Given enough time, the automated method can crack any password. However, strong passwords are much harder to crack than weak passwords. A secure computer has strong passwords for all user accounts.
A weak password:
A strong password:
| Group | Examples |
|---|---|
| Uppercase letters | A, B, C |
| Lowercase letters | a, b, c |
| Numerals | 0, 1,2, 3, 4, 5, 6, 7, 8, 9 |
| Symbols found on the keyboard | ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | \ : " ; ' < > ? , . / |
An example of a strong password is J*p2leO4>F.
A password can meet most of the criteria of a strong password but still be rather weak. For example, Hello2U! is a relatively weak password even though it meets most of the criteria for a strong password and also meets the complexity requirements of password policy. H!elZl2o is a strong password because the dictionary word is interspersed with symbols, numbers, and other letters.