Password Policy
The password policy helps ensure that a user's password is strong and is changed periodically, so that cracking it becomes impractical for an attacker.
By default, the password policy is configured like this:
| Policy | Default value |
| --- | --- |
| Enforce password history | 24 passwords |
| Maximum password age | 42 days |
| Minimum password age | 1 day |
| Minimum password length | 7 |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |
| Account lockout duration | Not set |
| Account lockout threshold | 0 |
| Reset account lockout counter after | Not set |
From an attacker's point of view, it is useful to list the password policy in force on the domain, since it determines which of the following is then practical:
Bruteforce
Guessing
Spraying
Cracking
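
A defender-side audit of the settings in the table above, as an added example that is not part of the original page: it takes a policy object shaped like the output of `Get-ADDefaultDomainPasswordPolicy` (ActiveDirectory module) and reports which settings leave accounts exposed to online guessing and spraying or to offline cracking. The names `New-Finding` and `Test-PasswordPolicyExposure`, the 14-character baseline and the sample object are assumptions made for this example.

```powershell
# Added example (not from the original page).
# Builds one finding record per weak setting.
function New-Finding($Setting, $Value, $Risk) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Risk = $Risk }
}

function Test-PasswordPolicyExposure {
    param(
        [Parameter(Mandatory)] $Policy,
        [int] $BaselineMinLength = 14   # assumed baseline; use your own standard
    )
    # Threshold 0 means accounts never lock out.
    if ($Policy.LockoutThreshold -eq 0) {
        New-Finding 'LockoutThreshold' 0 'No lockout: online guessing and spraying are never throttled'
    }
    if ($Policy.MinPasswordLength -lt $BaselineMinLength) {
        New-Finding 'MinPasswordLength' $Policy.MinPasswordLength `
            "Below $BaselineMinLength characters: cheaper to brute-force or crack offline"
    }
    if (-not $Policy.ComplexityEnabled) {
        New-Finding 'ComplexityEnabled' $false 'Simple passwords allowed: guessing and cracking get easier'
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        New-Finding 'ReversibleEncryptionEnabled' $true 'Passwords are stored in a recoverable form'
    }
    # With a minimum age of zero, users can cycle through the history at once.
    if ($Policy.PasswordHistoryCount -gt 0 -and $Policy.MinPasswordAge -eq [timespan]::Zero) {
        New-Finding 'MinPasswordAge' $Policy.MinPasswordAge 'History can be cycled to reuse an old password'
    }
}

# Constructed sample mirroring the default values in the table above.
$defaultPolicy = [pscustomobject]@{
    PasswordHistoryCount        = 24
    MaxPasswordAge              = [timespan]::FromDays(42)
    MinPasswordAge              = [timespan]::FromDays(1)
    MinPasswordLength           = 7
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    LockoutThreshold            = 0
}

Test-PasswordPolicyExposure -Policy $defaultPolicy | Format-Table -AutoSize -Wrap

# On a domain-joined host with the ActiveDirectory module installed:
# Test-PasswordPolicyExposure -Policy (Get-ADDefaultDomainPasswordPolicy)
```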