Educate users about selecting strong passwords

Updated: July 22, 2009

Applies To: Windows SBS 2008, Windows Small Business Server 2011 Standard

Strong password policies are enabled by default during Windows SBS 2008 installation. Ask users to treat their password as they would other private information, such as a credit card PIN. Educating users about strong passwords and best practices for creating them helps make your network more secure. The following are typical guidelines that, when implemented, help ensure strong passwords and better protection for your local network.

A password should not include any of the following:

  • A user's name or e-mail alias.

  • The name of the user's child, parent, spouse, or friend.

  • Any word found in a dictionary.

  • An old password that is reused by appending numbers.

  • A birth date.

  • A phone number.

  • A social security number or other identification number.

  • Any easily obtained personal information.

A strong password meets the following criteria:

  • It does not contain all or part of the user's account name.

  • It contains at least six characters.

  • It contains characters from three of the following four categories:

      • Uppercase letters (A through Z).

      • Lowercase letters (a through z).

      • Numbers (0 through 9).

      • Non-alphanumeric characters (for example, !, $, #, %).
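
The checkable guidelines above (length, character categories, account name, and an old password with numbers appended) can be expressed as a PowerShell function. This is an added example, not Microsoft code and not the check Windows itself performs; the function name `Test-PasswordGuideline` is hypothetical, and treating "part of the account name" as any run of three or more consecutive characters is an assumption. Dictionary words and personal information are not covered.

```powershell
# Added example: checks a candidate password against the guidelines listed above.
function Test-PasswordGuideline {
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [Parameter(Mandatory = $true)][string]$AccountName,
        [string]$OldPassword = ''
    )

    $problems = @()

    # At least six characters.
    if ($Password.Length -lt 6) {
        $problems += 'Shorter than six characters'
    }

    # Characters from three of the four categories (case-sensitive matches).
    $categories = 0
    if ($Password -cmatch '[A-Z]')        { $categories++ }
    if ($Password -cmatch '[a-z]')        { $categories++ }
    if ($Password -cmatch '[0-9]')        { $categories++ }
    if ($Password -cmatch '[^A-Za-z0-9]') { $categories++ }
    if ($categories -lt 3) {
        $problems += "Only $categories of 4 character categories used"
    }

    # All or part of the account name. Assumption: "part" means any run of
    # three or more consecutive characters, compared case-insensitively.
    # Account names shorter than three characters are not checked.
    $pw = $Password.ToLowerInvariant()
    $name = $AccountName.ToLowerInvariant()
    for ($i = 0; $i -le $name.Length - 3; $i++) {
        if ($pw.Contains($name.Substring($i, 3))) {
            $problems += 'Contains all or part of the account name'
            break
        }
    }

    # Old password reused by appending numbers: strip trailing digits, compare.
    if ($OldPassword -and (($Password -creplace '[0-9]+$', '') -ceq $OldPassword)) {
        $problems += 'Old password reused (trailing numbers ignored)'
    }

    # An empty result means the candidate passed every check above.
    return $problems
}

# Constructed sample values, not real credentials.
Test-PasswordGuideline -Password 'Spring2009' -AccountName 'jsmith' -OldPassword 'Spring'
Test-PasswordGuideline -Password 'tR7$kw!p' -AccountName 'jsmith'
```
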

For more information about password policies, see “Selecting Secure Passwords” at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=131429).