OVAL

Password must meet complexity requirements

ID: oval:org.secpod.oval:def:7901
Date: (C)2012-11-10   (M)2023-07-04
Class: COMPLIANCE
Family: windows




The "Password must meet complexity requirements" policy should be set correctly. This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. When this policy is enabled, passwords must meet the following minimum requirements:

* Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
* Be at least six characters in length
* Contain characters from three of the following four categories:
  * English uppercase characters (A through Z)
  * English lowercase characters (a through z)
  * Base 10 digits (0 through 9)
  * Non-alphabetic characters (for example, !, $, #, %)
  * A catch-all category of any Unicode character that does not fall under the previous four categories. This fifth category can be regionally specific.

Each additional character in a password increases its complexity exponentially. For instance, a seven-character, all lower-case alphabetic password would have 26^7 (approximately 8 x 10^9 or 8 billion) possible combinations. At 1,000,000 attempts per second (a capability of many password-cracking utilities), it would only take 133 minutes to crack. A seven-character alphabetic password with case sensitivity has 52^7 combinations. A seven-character case-sensitive alphanumeric password without punctuation has 62^7 combinations. An eight-character password has 26^8 (or 2 x 10^11) possible combinations. Although this might seem to be a large number, at 1,000,000 attempts per second it would take only 59 hours to try all possible passwords. Remember, these times will significantly increase for passwords that use ALT characters and other special keyboard characters such as ! or @. Proper use of the password settings can help make it difficult to mount a brute force attack.

Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements
(2) REG: NO INFO
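Because the entry gives no registry location for this setting, one way to audit it on a host is to read the `PasswordComplexity` key from a `secedit` security-policy export. The following is an added example, not SecPod's OVAL check; the function names are hypothetical, and it assumes that "set correctly" means Enabled (1) and that the live check runs in an elevated session.

```powershell
# Get-SystemAccessSetting and Test-PasswordComplexityPolicy are hypothetical helper names.
function Get-SystemAccessSetting {
    param([string[]] $InfLines, [string] $Name)
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $t -match '^(\S+)\s*=\s*(.*)$' -and $Matches[1] -eq $Name) {
            return $Matches[2].Trim()
        }
    }
    return $null   # key absent from the export
}

function Test-PasswordComplexityPolicy {
    param([string[]] $InfLines)
    if (-not $InfLines) {
        # Live check: export the local security policy (requires an elevated session).
        $tmp = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
        try {
            secedit.exe /export /cfg $tmp /areas SECURITYPOLICY /quiet | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
            $InfLines = Get-Content -LiteralPath $tmp
        } finally {
            Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
        }
    }
    $value = Get-SystemAccessSetting -InfLines $InfLines -Name 'PasswordComplexity'
    [pscustomobject]@{
        Setting   = 'PasswordComplexity'
        Value     = $value
        # Assumption: "set correctly" means Enabled (1); 0 or a missing key fails.
        Compliant = ($value -eq '1')
    }
}

# Constructed sample export (not captured from a real host): complexity disabled.
$sample = @'
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
[Event Audit]
AuditSystemEvents = 0
'@ -split "`r?`n"
Test-PasswordComplexityPolicy -InfLines $sample   # offline check of the sample
Test-PasswordComplexityPolicy                     # live check of this host
```

On a domain-joined server this reports the policy for local accounts; domain accounts are governed by the password policy configured for the domain.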

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-10901-7
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-10901-7
XCCDF    6
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2008_R2
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2
...

© SecPod Technologies