RE: AD Password complexity - passwords too long?

From: Lee Clemens (securityleeclemens.net)
Date: Wed May 20 2009 - 11:09:22 CDT


Password complexity rules can include similarity to previous passwords.

Both passwords you are using contain the same 9 characters.

Try: sihts1dr0wspyM or something different

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of DG Gmail
Sent: Tuesday, May 19, 2009 2:06 PM
To: Brian K. Dore; focus-mssecurityfocus.com
Subject: Re: AD Password complexity - passwords too long?

Thanks for the replies, all...

I have done the test below and it still didn't work. I checked to make sure
domain GPOs were being applied, and they are.

As I mentioned minimum password length is 8 characters.

If my password is Mypsw0rd (as you can see it's actually 9) it works ok, but
if I try to use Mypsw0rd1sthis it does not work. It will not allow me to
change it.

I have also checked the other requirements (history, username in password,
etc...)

Could there be a restriction as far as using a special character more than
once?

I have seen the documentation that states otherwise, but anything longer than
9-10 characters fails.

*shrug*

Daniel

<snip>