Make that complex please!

On January 9, 2009, in sbs 2008 migration, by

So when you do a SBS 2008 migration and don’t put in a complex enough password during the migration install it may not be intially obvious that it didn’t like the password.

But just keep that in mind.   Make sure that the password you choose for the new server is complex.

Capital letters

Numbers

Spaces

Funky characters

Just make in complex!

http://blogs.technet.com/sbs/archive/2009/01/02/introducing-the-windows-sbs-2008-answer-file.aspx

  • Administrator Password: Password for the new network administrator account. The password that you provide must be complex. If you do not provide a complex password, the unattended installation stops so you can provide the complex password.
  •  

    2 Responses to Make that complex please!

    1. Dean says:

      Passwords don’t need to be complex like that. They just need to be something that can’t be found in a dictionary. So I make users pick a short phrase with no spaces in between words. Something like ( and this is just a corny example ) “ilikecomingtowork”. It’s long enough to not be guessed easily by monkeys typing in random characters but it is easy for the user to remember. And they don’t need to be touching the shift key at all.

    2. Dean says:

      Microsoft just backed me up on using passphrases !

      In this article:

      http://technet.microsoft.com/en-us/library/cc512606.aspx

      It says:

      Note that the length of the password is far more important in cracking resistance than the number of characters in the character set. For example, a 7-character long case-insensitive password using all characters on a US English keyboard (69 characters) will resist cracking against captured challenge response pairs for only 14 days. Using a case-sensitive password (95 characters) but leaving all other parameters the same, the password resists for 135 days, still not very long. Now add a character to it, making it an 8-character password. The case-insensitive version will resist cracking for 991 days and the case-sensitive version will resist for over 35 years! These calculations clearly indicate that password length is far more important than the number of characters in the password set; assuming that the password truly appears random to the attacker and cannot be attacked using dictionaries or heuristics. If you are trying to improve password strength in your organization, teach people to use longer passwords that are not based on common words. One technique is also to base passwords, or better yet, pass phrases, on words in other languages than the primary one at the site.

      Because length is so important in passwords, an approach that has become very popular recently is to use pass phrases instead of passwords (see Pass phrases vs. Passwords). A pass phrase is a phrase, complete with spaces and punctuation, which is used as an authentication token instead of a password. Windows is perfectly capable of using pass phrases already. Pass phrases also seem to be easier for people to remember, making them even more attractive.

      Complex — A good password should have a mix of all the four character types, uppercase and lowercase letters, numbers, and non-alphanumeric symbols. Preferably, all four should exist in a given password. Remember, any character on your keyboard is legal in a password. Using a pass phrase and interspersing it with randomly chosen characters and spaces considerably improves the strength of your password.