Password Requirements - Quick Survey

Posted on 2009-04-24
Last Modified: 2013-12-04
I'll divide the 500 points equally between everyone who responds to this survey.  If you post a response more than once, you only get the points for the original post!

For work, I need to know if it is a common practice for large companies to require their network users to include a special character in their network logon password.  It would be great if you could give the password spec and/or company name, but I won't expect that because that is normally considered confidential information, but can you please include country?  We are considering enhancing our password standards and have been asked if requiring a special character in the password is common practice.  

Thank you for your help again.  I'll divide the points Sunday evening or Monday morning.

Steph M
Question by:Steph_M
    LVL 48

    Assisted Solution

    I worked for a major bank in New Zealand.  Their password policy was:

    1.  Minimum length of 8 characters.
    2.  Password not based on any dictionary combination.
    3.  Minimum of 2 non-alphanumeric characters.
    4.  Password change every 30 days
    5.  New password needed to differ from old password by four characters and/or could not be based on old password.
    6.  Passwords from the previous 12 months could not be used.

    Also related was the policy that the account would be locked after 3 unsuccessful login attempts.
    LVL 48

    Assisted Solution

    I should also add that the above was also used in combination with a secureID token.
    LVL 18

    Accepted Solution

    You don't need to be a large company to enforce security or password policies. Our clients are as small as 5 users up to a few hundred.

    For most clients we do the following:

    Enforce password history: 24 remembered passwords
    Maximum password age: 60 days
    Minimum password age: 30 days
    Minimum password length: 10 characters
    Password must meet complexity requirements: Enabled
    Store passwords using reversible encryption: Disabled
    Account lockout duration: 60 minutes
    Account lockout threshold: 3 invalid logon attempts
    Reset account lockout counter after: 60 minutes

    When possible we try to get them to use this as well:
    It makes it impossible for people to share passwords

    Location: USA
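
An added example, not part of the original answer or thread: one way to audit a Windows machine against the settings listed in the accepted answer, by parsing the `[System Access]` section of a `secedit /export` policy file. The sample export is constructed, and the `audit` helper and the mapping from the answer's settings to secedit key names are assumptions of this example.

```python
import configparser

# Baseline = the values listed in the answer above, keyed by the names that
# `secedit /export /cfg <file>` writes under [System Access] (mapping assumed).
BASELINE = {
    "PasswordHistorySize":   (lambda v: v >= 24, "history >= 24 passwords"),
    # Values <= 0 are flagged (treated as "no expiry"; assumption of this example).
    "MaximumPasswordAge":    (lambda v: 0 < v <= 60, "max age <= 60 days"),
    "MinimumPasswordAge":    (lambda v: v >= 30, "min age >= 30 days"),
    "MinimumPasswordLength": (lambda v: v >= 10, "min length >= 10 characters"),
    "PasswordComplexity":    (lambda v: v == 1, "complexity enabled"),
    "ClearTextPassword":     (lambda v: v == 0, "reversible encryption disabled"),
    "LockoutDuration":       (lambda v: v >= 60, "lockout duration >= 60 minutes"),
    # 0 means accounts are never locked out, so it fails the check.
    "LockoutBadCount":       (lambda v: 1 <= v <= 3, "lockout after <= 3 attempts"),
    "ResetLockoutCount":     (lambda v: v >= 60, "reset counter after >= 60 minutes"),
}

# Constructed sample export (real files are UTF-16: open with encoding="utf-16").
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 30
MaximumPasswordAge = 60
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
LockoutDuration = 60
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
"""

def audit(inf_text):
    """Return (key, found_value_or_None, expected) for every setting that fails."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                      # keep the INF key names case-sensitive
    cp.read_string(inf_text)
    access = cp["System Access"] if cp.has_section("System Access") else {}
    findings = []
    for key, (ok, expected) in BASELINE.items():
        try:
            value = int(access.get(key))
        except (TypeError, ValueError):       # key absent or not a number
            value = None
        if value is None or not ok(value):
            findings.append((key, value, expected))
    return findings

if __name__ == "__main__":
    for key, value, expected in audit(SAMPLE_EXPORT):
        print(f"FAIL {key}: found {value}, expected {expected}")
```

A setting missing from the export is reported with a value of `None` rather than silently passing, which matters because lockout-related keys can be absent when lockout is not configured.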

    Assisted Solution

    I've been an ethical hacker for some time now; from experience, the longer the password and the more strange characters, the more difficult it is to hack.

    There are a few kinds of hacking methods. For example, there is one called a "dictionary" type attack, which will crack your passwords according to words starting with the letter 'a'. Another type uses so-called random letter generation to crack passwords one by one, which might take forever if you have a password like "d@(9$6d*5".

    To generate strong passwords check this site out:

    Author Closing Comment

    Thanks everyone for your input.  Doc, the reason I did not assign points to you is because the information I requested was "what is the standard" because the information I've been asked for is "Is it common for other companies to require a special character in their password."
