Updated: August 8, 2012
Applies To: Windows Server 2012, Windows 8
This topic for the IT professional describes passwords as used in the Windows operating systems, and links to documentation and discussions about the use of passwords in a credential management strategy.
Did you mean…
Personal Identifier Number (PIN) usage in Smart Cards
Picture passwords - Signing in with a picture password
Password usage in Managed Service Accounts
Password usage in Group Managed Service Accounts Overview
Operating systems and applications today are architected around passwords. Even if you use smart cards or biometric systems, all accounts still have passwords, and those passwords can still be used in some circumstances. Some accounts, notably accounts used to run services, cannot even use smart cards and biometric tokens and therefore must use a password to authenticate. Windows protects passwords using cryptographic hashes.
For more information about Windows passwords, see the Passwords Technical Overview in the Windows Server 2008 TechNet Library.
In Windows and many other operating systems, the most common method for authenticating a user's identity is to use a secret passphrase or password. Securing your network environment requires that strong passwords be used by all users. Strong passwords help avoid the threat of a malicious user guessing a weak password, whether through manual methods or by using tools, and thereby acquiring the credentials of a compromised user account. This is especially true for administrative accounts. Changing a complex password regularly reduces the likelihood of a password attack compromising that account.
Picture passwords are new in Windows Server 2012 and Windows 8. A picture password is a combination of a user-selected image coupled with a series of gestures. Picture password functionality is disabled on domain-joined computers. Links to more information about picture passwords are listed in See also below.
There has been no change to password functionality in Windows Server 2012 and Windows 8. No new Group Policy settings have been added. However, improvements and enhancements have been made in credential (and password) management, such as with picture passwords, Credential Locker and signing in to Windows 8 with a Microsoft account, formerly known as a Windows Live ID.
No password functionality has been deprecated in Windows Server 2012 and Windows 8.
In enterprise environments, passwords are typically managed with Active Directory Domain Services. Passwords can also be managed on the local computer using the settings in local Security Settings, Account Policies, Password Policy.
This table lists additional resources for password features, technology and credential management.
Windows Server 2008 R2 and Windows 7 Threats and Countermeasures Guide: Account Policies
Guidance to change and create strong passwords
Tools and settings