WinSecWiki > Security Settings > Account Policies > Password Policy > Complexity Requirements

Password must meet complexity requirements

If you enable this control, passwords must:

  • Not contain the users account name
  • Exceeded six characters in length regardless of the minimum password length control
  • Contain at least one character from at least three of four sets of characters:
  • A through Z
  • a through z
  • 0 through 9
  • Symbols such!@#$%^&*

So-called complex passwords include Password1 and abc123$.

This control also is the source of many arguments. See my thoughts under “In my opinion” at the above level.

Bottom line

I recommend enabling this policy.

Back to top


Additional Resources