Communicating Password Creation Guidelines

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Educate your users about how to create strong passwords and how to keep them secret. Doing so helps protect your system from compromise that results from simple carelessness.

Users must understand that their passwords must meet your organization’s complexity guidelines. Incorporating uppercase and lowercase letters, numbers, and symbols into a password makes the password much more difficult to crack. Suggest to users that they insert numbers and symbols into common phrases to protect against dictionary attacks. For example, the phrase "iamhappy" is easy to remember, but is hard to guess if some characters are changed so that the phrase appears as "1AmH@ppy!".

Caution users against writing their passwords down and leaving them in an accessible place. Be sure that users understand the danger of leaving their passwords in places where they can be discovered by an attacker. Although the need to remember complex passwords and reset them frequently might cause some inconvenience, the benefits of protecting your organization’s resources far outweigh the costs.