This policy enables administrators to enhance security by ensuring that old passwords are not reused continually. Here administrators can configure the number of unique new passwords that have to be associated with a user account before an old password is reused. To maintain the effectiveness of the password history, administrators should not allow passwords to be changed immediately when you configure the Minimum password age.
For higher level of security this should be configured to value greater than 10 (Maximum value is 24)
Maximum password age
Administrators can set the period of time (in days) that a password should be used before the system requires the user to change it. Administrators can set passwords to expire after a number of days between 1 and 999.
For higher level of security this should be configured to 42.
Minimum password age
Administrators can set the period of time (in days) that a password must be used before the user can change it. Administrators can set a value between 1 and 999 days.
The minimum password age must be less than the Maximum password age.
Configure the minimum password age to be more than 0 if Administrators want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on.
For higher level of security this value should be configured to a value greater than 2 (Should be less than maximum password age)
Minimum password length
Administrators can set the least number of characters that a password for a user account should contain. Administrators can set a value of between 1 and 14 characters.
For higher level of security this value should be configured to a value greater than or equal to 8.
Password must meet complexity requirements
By enabling this policy administrators can enforce that passwords must meet the following minimum requirements:
For higher level of security this should be configured to value greater than 10 (Maximum value is 24)
Maximum password age
Administrators can set the period of time (in days) that a password should be used before the system requires the user to change it. Administrators can set passwords to expire after a number of days between 1 and 999.
For higher level of security this should be configured to 42.
Minimum password age
Administrators can set the period of time (in days) that a password must be used before the user can change it. Administrators can set a value between 1 and 999 days.
The minimum password age must be less than the Maximum password age.
Configure the minimum password age to be more than 0 if Administrators want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on.
For higher level of security this value should be configured to a value greater than 2 (Should be less than maximum password age)
Minimum password length
Administrators can set the least number of characters that a password for a user account should contain. Administrators can set a value of between 1 and 14 characters.
For higher level of security this value should be configured to a value greater than or equal to 8.
Password must meet complexity requirements
By enabling this policy administrators can enforce that passwords must meet the following minimum requirements:
- Not contain all or part of the user’s account name
- Be at least six characters in length
- Contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Nonalphanumeric characters (e.g., !, $, #, %)