Password Policy
The password policy helps ensure that a user's password is strong and is changed periodically so that it becomes impossible for an attacker to crack the password.
By default, the password policy is configured like this:

| Policy | Default value |
| --- | --- |
| Enforce password history | 24 passwords |
| Maximum password age | 42 days |
| Minimum password age | 1 day |
| Minimum password length | 7 |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |
| Account lockout duration | Not set |
| Account lockout threshold | 0 |
| Reset account lockout counter after | Not set |

From an attacker's point of view, it is useful to list the password policy in force on the domain in order to then carry out one of the following:

- Bruteforce
- Guessing
- Spraying
- Cracking
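
The default values listed on this page can be checked from the defender's side. The script below is an added example, not part of the original page: it audits the `[System Access]` section of a `secedit /export` style INF file. The sample input is constructed from the defaults in the table, and the baseline thresholds (`MIN_LENGTH`, `MAX_LOCKOUT_THRESHOLD`) are assumptions to adapt to your own standard.

```python
import configparser

# Constructed sample: the [System Access] section of a `secedit /export`
# style INF file, filled with the default values from the table. The two
# "Not set" lockout values are represented by their keys being absent.
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 0
"""

# Assumed review baseline (not from the page); adjust to your own standard.
MIN_LENGTH = 14
MAX_LOCKOUT_THRESHOLD = 10

def audit_policy(inf_text):
    """Return [(setting, finding), ...] for weak values in [System Access]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep the exported key names case-sensitive
    cp.read_string(inf_text)  # exports are usually UTF-16: decode before calling
    section = cp["System Access"]
    def value(key):
        return section.getint(key, fallback=None)  # None means "Not set"
    findings = []
    threshold = value("LockoutBadCount")
    if not threshold:
        findings.append(("LockoutBadCount", "no lockout: logon attempts are never throttled"))
    elif threshold > MAX_LOCKOUT_THRESHOLD:
        findings.append(("LockoutBadCount", f"threshold {threshold} above baseline"))
    elif value("LockoutDuration") is None or value("ResetLockoutCount") is None:
        findings.append(("LockoutDuration", "threshold set but duration/reset window missing"))
    if (value("MinimumPasswordLength") or 0) < MIN_LENGTH:
        findings.append(("MinimumPasswordLength", f"shorter than {MIN_LENGTH} characters"))
    if value("PasswordComplexity") != 1:
        findings.append(("PasswordComplexity", "complexity requirements disabled"))
    if value("ClearTextPassword") == 1:
        findings.append(("ClearTextPassword", "reversible encryption enabled"))
    if not value("PasswordHistorySize"):
        findings.append(("PasswordHistorySize", "no password history enforced"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit_policy(SAMPLE_INF):
        print(f"{setting}: {finding}")
```

Run against the defaults, it reports the lockout threshold of 0 and the 7-character minimum length, which are the two settings that leave online guessing unthrottled and short passwords permitted.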