Password Requirements - Quick Survey

Posted on 2009-04-24
Medium Priority
Last Modified: 2013-12-04
I'll divide the 500 points equally between everyone who responds to this survey.  If you post a response more than once, you only get the points for the original post!

For work, I need to know if it is a common practice for large companies to require their network users to include a special character in their network logon password.  It would be great if you could give the password spec and/or company name, but I won't expect that because that is normally considered confidential information, but can you please include country?  We are considering enhancing our password standards and have been asked if requiring a special character in the password is common practice.  

Thank you for your help again.  I'll divide the points Sunday evening or Monday morning.

Steph M
Question by:Steph_M
LVL 48

Assisted Solution

Tintin earned 920 total points
ID: 24229436
I worked for a major bank in New Zealand.  Their password policy was:

1.  Minimum length of 8 characters.
2.  Password not based on any dictionary combination.
3.  Minimum of 2 non-alphanumeric characters.
4.  Password change every 30 days
5.  New password needed to differ from old password by four characters and/or could not be based on old password.
6.  Passwords from the previous 12 months could not be used.

Also related was the policy that the account would be locked after 3 unsuccessful login attempts.
LVL 48

Assisted Solution

Tintin earned 920 total points
ID: 24229444
I should also add that the above was also used in combination with a secureID token.
LVL 18

Accepted Solution

simsjrg earned 920 total points
ID: 24229487
You don't need to be a large company to enforce security or password policies. Our clients are as small as 5 user up to a few hundred.

For most clients we do the following:

Enforce password history: 24 remembered passwords
Maximum password age: 60 days
Minimum password age: 30 days
Minimum password length: 10 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Disabled
Account lockout duration: 60 minutes
Account lockout threshold: 3 invalid logon attempts
Reset account lockout counter after: 60 minutes

When possible we try to get them to use this as well: http://www.admitonesecurity.com/
It makes it impossible for people to share passwords

Location: USA

Assisted Solution

DoctorInferno earned 160 total points
ID: 24240368
I've been a ethical hacker for some time now, from experience, the longer the password and the more strange characters the more difficult for it to be hacked.

There are a few kinds of hacking methods, for example, there one called a "dictionary" type attack which will crack your passwords according to words starting with the letter 'a'. Another type will so-called use random letters generation to crack passwords one by one which might take for ever if you have a password like "d@(9$6d*5".

To generate strong passwords check this site out:


Author Closing Comment

ID: 31574408
Thanks everyone for you input.  Doc, the reason I did not assign points to you is because the information I requested was "what is the standard" because the information I've been asked for is "Is it common for other companies to require a special character in their password."

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Screencast - Getting to Know the Pipeline
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question