How to configure password policies in Windows 10 | Infosec Resources

A password is one of the common methods to authenticate user identity. Windows OS comes with diverse authentication options like PIN, password, fingerprint and token, but the feature used most is still the password.
In this article, we will look into how to configure password policies in Windows 10. For a standalone computer, the security policies can be configured using the Local Security Policy editor, secpol.msc.

Type “secpol” in the Windows 10 search bar and click on the resulting applet shown.


Click on the Account Policies setting, followed by the Password Policy option.

Password policy options:

  • Enforce password history: This allows the user to define the number of unique passwords allowed per user before reusing the old password. For example, if the value is set to 5, the user can reuse the first password only after 5 unique password changes. By default, the value is not configured. The allowed value ranges from 0 to 24.
  • Maximum password age: Allows the user to set the password duration (in days) after which the user is forced to change the password. For example, if the value is set to 30, the user will be prompted to change the password on the 31st day. By default, the value is not configured. The allowed value ranges from 0 to 999. If the value is set to 0, that means the password will never expire.
  • Minimum password age: Allows the user to set the duration (in days) that a password must be used before the user changes it. For example, if the value is set to 5, the user can only change the password after 5 days. By default, the value is not configured. The allowed value ranges from 1 to 998. If the value is set to 0, that means the password can be changed immediately.
  • Minimum password length: Allows the user to set the minimum length of the password. For example, if the value is set to 8, the minimum length of the password would be 8 characters and no less than that. By default, the value is not configured. The allowed value ranges from 1 to 14. If the value is set to 0, that means the password is not required.
  • Password must meet complexity requirements: If this policy is enabled, passwords must meet the following minimum requirements:
    • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
    • Be at least six characters in length
    • Contain characters from three of the following four categories:
      • English uppercase characters (A through Z)
      • English lowercase characters (a through z)
      • Base 10 digits (0 through 9)
      • Non-alphabetic characters (for example, !, $, #, %)
    • Complexity requirements are enforced when passwords are changed or created. By default, it is set to disabled.
  • Store passwords using reversible encryption: This allows storing encrypted passwords in a way that they can be decrypted. This is an insecure setting and must be disabled.
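The complexity rules listed above can be expressed as a short check. This PowerShell function is an added example, not part of the original article and not Windows' own implementation; the function name, the way the full name is split into parts, and the sample account are assumptions made for illustration.

```powershell
# Added example: tests a candidate password against the complexity rules as listed above.
function Test-PasswordComplexity {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$AccountName,
        [string]$FullName = ''
    )
    $failures = @()

    if ($Password.Length -lt 6) { $failures += 'shorter than six characters' }

    # Count how many of the four character categories are present.
    $categories = 0
    if ($Password -cmatch '[A-Z]')       { $categories++ }   # uppercase
    if ($Password -cmatch '[a-z]')       { $categories++ }   # lowercase
    if ($Password -match '[0-9]')        { $categories++ }   # digits
    if ($Password -match '[^A-Za-z0-9]') { $categories++ }   # anything else
    if ($categories -lt 3) { $failures += "only $categories of 4 character categories" }

    # Account name, compared case-insensitively as a whole.
    if ($Password.IndexOf($AccountName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
        $failures += 'contains the account name'
    }

    # Assumption: "parts" of the full name are the pieces between spaces and
    # punctuation; only pieces longer than two characters are checked.
    $parts = $FullName -split '[\s,.\-_#]+' | Where-Object { $_.Length -gt 2 }
    foreach ($part in $parts) {
        if ($Password.IndexOf($part, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $failures += "contains part of the full name ('$part')"
        }
    }

    [pscustomobject]@{
        Compliant = ($failures.Count -eq 0)
        Failures  = $failures -join '; '
    }
}

# Constructed samples; the account 'jdoe' / 'Jane Doe' is made up.
foreach ($candidate in 'Summer2024', 'janeDoe1', 'abcdefgh') {
    Test-PasswordComplexity -Password $candidate -AccountName 'jdoe' -FullName 'Jane Doe' |
        Select-Object @{ n = 'Password'; e = { $candidate } }, Compliant, Failures
}
```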

For extra security, we can configure Account Lockout Policy:

  • Account lockout threshold: The number of failed login attempts allowed before locking the account. For example, if set to 5, the account will be locked after 5 invalid password attempts. By default, the value is not configured. The allowed value ranges from 1 to 999. If the value is set to 0, that means the account will never be locked.
  • Account lockout duration: The duration (in minutes) for which the account will be locked after triggering the account lockout threshold. For example, if set to 5, the account will be locked for 5 minutes. By default, the value is not configured. The allowed value ranges from 1 to 99999 minutes. If the value is set to 0, that means the account will be locked out until an administrator unlocks it.
  • Reset account lockout counter after: The number of minutes after which the account lockout threshold counter will be reset. For example, if set to 5, the account lockout threshold will reset to 0 after 5 minutes. By default, the value is not configured. The allowed value ranges from 1 to 99999. If the value is set to 0, that means the account will never be locked.

The settings shown in the article can also be set using an elevated command prompt. For example:

  • Set maximum password age to 60 days: net accounts /maxpwage:60
  • Set minimum password age to 2 days: net accounts /minpwage:2
  • Set minimum password length to 8 characters: net accounts /minpwlen:8


  • Set account lockout duration to 30 minutes: net accounts /lockoutduration:30
  • Set account lockout threshold to 5 bad logon attempts: net accounts /lockoutthreshold:5
  • Set reset account lockout counter after to 10 minutes: net accounts /lockoutwindow:10
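To confirm that the commands above took effect, the output of net accounts (run without arguments) can be compared with the values they set. The PowerShell below is an added example, not part of the original article; the function name is hypothetical, the English-language output labels are an assumption, and the sample output is constructed.

```powershell
# Added example: reports which settings differ from the values set by the commands above.
function Compare-NetAccountsBaseline {
    param(
        # Lines of `net accounts` output; defaults to running it on this machine.
        [string[]]$Lines = (net accounts),
        [hashtable]$Baseline = @{
            'Maximum password age (days)'          = 60
            'Minimum password age (days)'          = 2
            'Minimum password length'              = 8
            'Lockout duration (minutes)'           = 30
            'Lockout threshold'                    = 5
            'Lockout observation window (minutes)' = 10
        }
    )
    $current = @{}
    foreach ($line in $Lines) {
        # Lines look like "Minimum password length:          8"
        if ($line -match '^(?<name>.+?):\s+(?<value>\S+)\s*$') {
            $name = $Matches['name'].Trim()
            $raw  = $Matches['value']
            # A word such as Never, None or Unlimited is shown where a setting is 0.
            $current[$name] = if ($raw -match '^\d+$') { [int]$raw } else { 0 }
        }
    }
    foreach ($key in ($Baseline.Keys | Sort-Object)) {
        [pscustomobject]@{
            Setting  = $key
            Expected = $Baseline[$key]
            Actual   = $current[$key]
            Match    = ($current.ContainsKey($key) -and $current[$key] -eq $Baseline[$key])
        }
    }
}

# Constructed sample of `net accounts` output on an unconfigured machine.
$sample = @'
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
'@ -split '\r?\n'

Compare-NetAccountsBaseline -Lines $sample | Format-Table -AutoSize
```

Calling Compare-NetAccountsBaseline with no arguments checks the local machine instead of the sample.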


Conclusion

A secure infrastructure requires the user to use strong passwords. The password should be at least 8 characters long with a combination of letters, special characters and numbers. A strong password must be changed regularly to avoid password-guessing attacks.

