3.) Double-click the items in the right pane to set them to the values shown
in the figure above.
- "Enforce Password history" prevents users from using the same passwords over and over again.
- "Maximum Password Age" is the maximum amount of time that a user can use the same password.
- "Minimum Password Age" is the minimum amount of time that a user must wait before they can change their password. This works in conjunction with the "Enforce Password history" policy, preventing a user from quickly changing their password many times in order to be able to use the same password again.
- "Minimum Password length" is the minimum number of characters a password must have. Use AT LEAST 8 characters here. Remember that weak passwords are the easiest mechanism a hacker can use to break into your system.
- "Passwords must meet complexity requirements" requires passwords to obey the following rules:
  - Passwords must be at least six (6) characters long.
  - Passwords must contain characters from at least three (3) of the following four (4) classes:
    - English upper case letters (A, B, C, ... Z)
    - English lower case letters (a, b, c, ... z)
    - Westernized Arabic numerals (0, 1, 2, ... 9)
    - Non-alphanumeric ("special characters") such as punctuation symbols
  - Passwords may not contain your user name or any part of your full name.
4.) Next, set account lockout policy by navigating to the "Account Lockout Policy" as shown in the figure.
In the figure above, if a user enters a password incorrectly 3 times ("Account Lockout Threshold"), their account will be locked out (disabled) for 60 minutes (the "Account lockout duration"). The system keeps a count of how many times
a user has typed in an invalid password. After 60 minutes, this counter is
reset ("Reset account lockout counter after").
If a hacker tries to guess passwords on your system, these mechanisms will
temporarily disable the account the hacker is trying to break into, and
prevent the hacker from further break-in attempts.
Note that these settings do not apply to the Administrator account. The
Administrator account will never be locked out. This is why it is important
to rename the Administrator account.
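To confirm that the settings from steps 3 and 4 actually took effect, the script below exports the local policy with secedit and compares it with the values stated in the text. It is an added example, not part of the original tutorial; the temporary file name is arbitrary, and treating "Passwords must meet complexity requirements" as enabled is an assumption, since the figure with the chosen values is not reproduced here.

```powershell
# Added example, not part of the original tutorial. Run from an elevated prompt.
# Export the effective local security policy to a temporary INF file.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'   # arbitrary file name
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet

# Collect the "Key = Value" pairs from the [System Access] section.
$policy = @{}
$inSection = $false
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\[(.+)\]\s*$') {
        $inSection = ($Matches[1] -eq 'System Access')
    } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
        $policy[$Matches[1]] = $Matches[2]
    }
}
Remove-Item -Path $cfg -Force

# Values stated in the text. PasswordComplexity = 1 (enabled) is an assumption,
# because the figure that shows the chosen value is not reproduced here.
$expected = [ordered]@{
    MinimumPasswordLength = @{ Min = 8;  Max = [int]::MaxValue }  # "AT LEAST 8"
    PasswordComplexity    = @{ Min = 1;  Max = 1 }                 # assumed enabled
    LockoutBadCount       = @{ Min = 3;  Max = 3 }                 # 3 bad attempts
    LockoutDuration       = @{ Min = 60; Max = 60 }                # minutes
    ResetLockoutCount     = @{ Min = 60; Max = 60 }                # minutes
}

$report = foreach ($key in $expected.Keys) {
    $range = $expected[$key]
    if (-not $policy.ContainsKey($key)) {
        # A key may be absent from the export, e.g. the lockout timers
        # when the lockout threshold is 0 (lockout switched off).
        $status = 'NOT SET'; $current = $null
    } else {
        $current = [int]$policy[$key]   # cast so the comparison is numeric
        $status = if ($current -ge $range.Min -and $current -le $range.Max) { 'OK' } else { 'REVIEW' }
    }
    [pscustomobject]@{ Setting = $key; Current = $current; Status = $status }
}
$report | Format-Table -AutoSize

# History and age values come from the figure, so they are listed without a
# verdict, together with the current name of the built-in Administrator account.
'PasswordHistorySize', 'MaximumPasswordAge', 'MinimumPasswordAge', 'NewAdministratorName' |
    ForEach-Object { '{0} = {1}' -f $_, $policy[$_] }
```

Any row marked REVIEW or NOT SET points at a setting that differs from the values described above, for example because a domain policy overrides the local one.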