Since SQL Server 2005 now permits administrators to force (coerce?) users to set (and periodically reset) passwords, is there a way to change the Windows strong password schema to a custom design?
Sure, I don’t recommend administrators grant people login accounts—I suggest these be assigned to job roles like “AdminClerk2” or “JuniorJanitor” or “PointyHairedBoss”. In any case, studies have shown that the Microsoft-style strong passwords are tough to remember. While a young person with a high IQ can remember a random set of numbers, case-sensitive letters and punctuation, those users with average IQ or those of advancing age (like me), find it tough to remember where we put the car keys, much less a complex password. So… we write it on a piece of paper where it won’t be missed and hope for the grace of honest people.
An alternative for us challenged folks of diminishing capacities is to use another (and it turns out more/just as) secure password schema. Simply concatenating two or more words together with punctuation works just as well. For example, the password “City.Dog!” is easy to remember and virtually as secure as the Microsoft style. Add a digit or two and it's even stronger.
Is there a way to program Windows domain controllers to use this or some other custom alternative schema? It seems to me that code hackers who did not know that a company was using a non-standard (non-Microsoft) password schema would be no better off... Comments?
Leave a comment