Stored User Name and Password Best practices
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Protect your account
Storing user names and passwords as part of your user account information means that anyone who has access to your account can access that stored information. Users must protect their accounts from misuse. Locking or logging off computers when they are not attended, password-protecting screen savers, and using strong passwords all contribute to the protection of the account.
For more information on locking a computer, see To lock a computer in a domain environment.
Use strong passwords for all accounts
Stored User Names and Passwords does not remove the risk of using weak passwords. Use strong passwords to protect against an intruder guessing or stealing the password.
For more information, see Strong passwords.
Change passwords regularly
Although a strong password can help protect against intruders, it is possible to eventually guess or steal the password of a resource. For this reason, passwords should be changed periodically. This not only minimizes the chance that an intruder can guess or steal a password through lengthy password-guessing processes, but also minimizes the damage when a password is compromised without the user's knowledge.
For more information, see Change an existing password.
Use different passwords for individual accounts
Stored User Names and Passwords allows the user to supply a different user name and password to each computer that is used. This provides for additional security on a per-computer basis. Using different passwords for each computer helps ensure that one guessed or stolen password does not weaken security. If an intruder is able to determine one password that is stored by Stored User Names and Passwords and all other passwords are different, the intruder is limited to the damage they can do with that single password.
Store user names and passwords only when appropriate
User names and passwords that are used to access extremely sensitive resources must be protected carefully. In these cases, store the user names and passwords only for the specific logon session by choosing the appropriate option in Logon Information Properties.