AD and enforced password policies

Jared Mauch jared at
Tue Jan 3 14:22:31 UTC 2012

On Jan 2, 2012, at 8:45 PM, Steven Bellovin wrote:

>      Minimum Length : 8
>      Maximum Length : 12
>      Maximum Repeated Characters : 2
>      Minimum Alphabetic Characters Required : 1
>      Minimum Numeric Characters Required : 1
>      Starts with a Numeric Character
>      No User Name
>      No past passwords
>      At least one character must be ~!@#$%^&*()-_+\verb!+={}[]\|;:/?.,<>"'`!

One site I saw would break when you exceeded the maximum length but silently accept it.  Making the users jump through sufficient hoops to generate a password and keep it for the sake of "security" only serve to weaken the resolve of users and complexity of passwords used.

Dare I say, if a password system is too cumbersome I may reject them as an employer at some point out of frustration, or just call the help desk daily to reset the password.

back to the OP question.  I've used the Quest system as a user and found it useful.  Having this outside any VPN for your remote users is very helpful.

- Jared

More information about the NANOG mailing list