
Enabling complex passwords

Roberta Bragg explains the effects that an updated password policy can have on existing passwords.

If an organization chooses to enable complex passwords, as you recommended in your "Changes you should make to password policy default settings" checklist, what is the impact on existing accounts and passwords that do not meet the requirements? Do the requirements take effect at the next password change, or are the passwords suddenly invalid, resulting in an overwhelmed help desk? What are your specific recommendations for planning this kind of implementation at an organization? Something more concrete beyond "enable this" would be appreciated.
When complex passwords are enabled, existing accounts that do not meet the requirements are unaffected until the password is changed. I recommend that users are required to do so by setting their accounts to require a password change the next time they log on. However, in a larger environment, you may want to stagger this requirement, and in any organization, make sure this does not catch users by surprise. Provide ample warning, training and above all, solicit support from all management. Nothing is worse than implementing new security without support.
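
One way to script the staggered rollout described in the answer, as an added example that is not part of the original answer. It assumes an Active Directory domain with the ActiveDirectory PowerShell module; the OU path, policy date and batch size are constructed placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Flags one wave of accounts whose password predates the
# complexity policy, so the "change at next logon" requirement is staggered.
param(
    [datetime]$PolicyEnabledOn = '2024-01-15',            # constructed date: when complexity was enabled
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',   # hypothetical OU
    [int]$BatchSize = 50,                                 # accounts per wave (assumption)
    [switch]$Apply                                        # without -Apply the run is a dry run
)

# A password last set before the policy date was never checked against the
# complexity rules. PasswordLastSet is empty for accounts already flagged
# to change at next logon, so earlier waves drop out on their own.
$candidates = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
        -Properties PasswordLastSet, PasswordNeverExpires |
    Where-Object {
        $_.PasswordLastSet -and
        $_.PasswordLastSet -lt $PolicyEnabledOn -and
        # ChangePasswordAtLogon cannot be set on accounts whose password
        # never expires (typically service accounts); handle those separately.
        -not $_.PasswordNeverExpires
    } |
    Sort-Object PasswordLastSet    # oldest passwords first

$batch = $candidates | Select-Object -First $BatchSize

foreach ($user in $batch) {
    # -WhatIf stays on unless -Apply was given, so a dry run changes nothing.
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true -WhatIf:(-not $Apply)

    # Report the wave so the help desk and managers can be told in advance.
    [pscustomobject]@{
        SamAccountName  = $user.SamAccountName
        PasswordLastSet = $user.PasswordLastSet
        Flagged         = [bool]$Apply
    }
}

Write-Host ("{0} accounts still predate the policy; {1} in this wave." -f `
    @($candidates).Count, @($batch).Count)
```

Run it once without `-Apply` to produce the list used for the advance warning, then once per wave with `-Apply`; the remaining count shows how many waves are left.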
