Windows 2003 has a very aggressive password policy in place (well, sort of). Most websites that spout password tips typically list the first 4 of the following groups of character classes as options for a strong password. Many do not realize that you can also use Unicode Characters in the password. Windows 2003 passwords can be up to 128 characters long. Try memorizing a password that long! You may also include blank spaces (although most password “strength” testers do not consider a blank space a particularly strong element).

The character classes that can be used in a Windows 2003 password are as follows:

Classes              Examples
Lowercase letters    a, b, c, …
Uppercase letters    A, B, C, …
Numbers              0, 1, 2, 3, …
Symbols              % ^ & * - + = | \ {, …
Unicode characters   €, Γ, λ, …

A strong password should contain at least 3 of the preceding groups and hopefully all 5.

A few of the most common “mistakes” in making a password are:

  • Including dictionary words.
  • Including your username.
  • Including common sequences (e.g. abc, 123, 7890), keyboard sequences, or repeated characters.
  • Your birthday, name, pet’s name, spouse, etc. All of these can easily be found out by a determined person.

Of course, I say “mistakes” lightly, because sometimes a strong password can include these elements. Many security experts would say “No way!” But consider that you need to memorize the password: taking the longest, strongest password you can remember and then adding a name or other such element to it will certainly make it stronger. But DO NOT use ONLY those elements.

To understand what makes a strong password, you need to understand how passwords are most commonly cracked.

1. Someone you know trying to get into your account: This type of person will likely rely on things like birthdays, names, etc. to help crack your password.

2. Unknown person/random cracker: This person is less likely to know your personal information. For example, if an administrator can only memorize 7 random characters, he/she may be better off using those 7 characters combined with several personal strings, which is just as easy to memorize. These types of people will typically use dictionary or brute-force attacks. Dictionary attacks try every combination of dictionary words against a password (many crackers only use a dictionary of their own language, though). Brute-force attacks take a long time, but they also start with the shortest possible strings, so a shorter password will absolutely be cracked sooner. Even if a password is not complex, a long password will help protect against brute-force attacks.
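The five character classes and the brute-force argument above, worked through as an added example (not code from the original post): a small Python checker that detects which classes a password contains (anything beyond ASCII counts as the Unicode class, a blank space counts toward length only), applies the 3-of-5 rule within the 128-character limit, and estimates the brute-force keyspace in bits. The per-class alphabet sizes, especially the Unicode figure, are assumptions.

```python
import math
import string

# Stated in the article: Windows 2003 passwords may be up to 128 characters.
WINDOWS_2003_MAX_LENGTH = 128

# Alphabet size per class for the keyspace estimate. Symbols: the 32 printable
# ASCII punctuation characters. The Unicode figure is an assumption (roughly the BMP).
ALPHABET_SIZE = {"lowercase": 26, "uppercase": 26, "number": 10,
                 "symbol": 32, "unicode": 50000}


def character_classes(password: str) -> set:
    """Return the set of the article's five classes present in the password.
    A blank space is allowed but counts toward length only, not as a class."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lowercase")
        elif ch in string.ascii_uppercase:
            classes.add("uppercase")
        elif ch in string.digits:
            classes.add("number")
        elif ch in string.punctuation:
            classes.add("symbol")
        elif ord(ch) > 127:
            classes.add("unicode")  # anything beyond ASCII, e.g. €, Γ, λ
    return classes


def meets_policy(password: str, min_classes: int = 3) -> bool:
    """The article's rule of thumb: at least 3 of the 5 classes, within the 128-char limit."""
    if not 0 < len(password) <= WINDOWS_2003_MAX_LENGTH:
        return False
    return len(character_classes(password)) >= min_classes


def brute_force_bits(password: str) -> float:
    """log2 of the keyspace a brute-force attacker must exhaust, assuming the length
    and the classes present are known. Length multiplies the exponent, which is why
    a long simple password beats a short complex one."""
    alphabet = sum(ALPHABET_SIZE[c] for c in character_classes(password))
    if " " in password:
        alphabet += 1
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # Constructed sample passwords: short and complex, long and simple, Unicode mix.
    for pw in ("Tr0ub4dor&3", "correct horse battery staple", "Γλ€ pa55"):
        print(repr(pw), sorted(character_classes(pw)),
              meets_policy(pw), round(brute_force_bits(pw), 1))
```

Note that the long all-lowercase passphrase fails the 3-of-5 rule yet has a far larger brute-force keyspace than the short complex one, which is exactly the tension the paragraph above describes.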

Finally, the best password is the one you will remember. I know of many people who forget their passwords, and sometimes the only solution is long, tiring, and costly.

