Guidelines for Setting Password Policy

A good password policy helps users protect their passwords from other individuals. This helps to reduce the probability of someone logging on with another user's password and gaining unauthorized access to data.

The following guidelines should help you create a basic security policy:

• Tell users not to write down their passwords.
• Tell users not to use obvious passwords, such as their name, their spouse's name, the names of their children, and so on.
• Do not distribute user accounts and passwords in the same communication. For example, if you are sending a new user's account name and password in writing, send the user name and the password at different times.

You can use the following Windows NT and NetWare security features to enhance Windows 95 security:

• Enforce a reasonable minimum password length, which increases the number of permutations needed to randomly or programmatically guess someone's password. Additionally, you can enforce an alphanumeric password combination to achieve the same security.
• Enforce maximum and minimum password age. A maximum password age forces the user to change the password, preventing someone else from discovering it as a result of the password being in use for a long time. A minimum password age prevents a user from immediately reverting back to a previous password after a change.
• Enforce password uniqueness and maintain password history. This prevents users from toggling between their favorite passwords. You can specify the number of unique passwords that a user must have before that user can use a password that has previously been used.