Managing Password Security/Complexity

  • Last Post 20 October 2016
minwar posted this 20 October 2016

Hi, curious to know what other organisations do for this? Enabling the password complexity doesn't really do much to prevent some really weak passwords. Anyone using a good 3rd party tool? Password policy enforcer looks decent on paper so will probably take a look at that, anything better out there?


VolkerE posted this 20 October 2016


Specops Password Management



minwar posted this 20 October 2016

I wouldn't disagree but it's not always viable for a large enterprise, not in the short/medium term anyway.

a-ko posted this 20 October 2016

As others are saying, I’d start looking into using Windows 10 + ADFS 2016 + AD 2016 and look at implementing MFA. Skip entirely by using passwords. Do it through attrition. Get the back office infrastructure set up, and slowly migrate end users over in time.


Some things I’d recommend:

  • Disable password complexity requirements
  • Increase password length requirements (2 chars ^ 10 minimum keyspace is > 10 chars ^ 2 minimum keyspace)
  • Increase the longevity of passwords on the environment. Don’t make your users change their password every 60 days. Move it to 180 or 365.
  • Enable logging/correlation of all access on WebApps, Domain Controllers (use a good audit tool)


There’s a pretty good solid chance that password complexity is the least of the worries on your environment. I wouldn’t spend any money on tools that fix that.

I’d invest the money in more capable technologies and better security.


PS: I work for a large Enterprise. We’re going the ADFS + Password For Work + Windows 10 route.
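
Added example, not part of the thread or any poster's code: a simplified model of the Active Directory complexity rule next to a brute-force keyspace estimate, showing the two points raised above (weak passwords pass the complexity check, and length grows the keyspace faster than character classes do). The sample passwords and the function names are constructed for illustration; the rule is reduced to "3 of 4 character classes" and leaves out the Unicode class and the account-name check.

```python
import math
import string

# Simplified model of the AD "password must meet complexity requirements" rule:
# characters from at least 3 of these 4 classes. Assumption: the real rule's
# Unicode class and account-name check are left out.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return sorted(name for name, chars in CLASSES.items() if chars & set(password))

def meets_complexity(password, min_length=8):
    return len(password) >= min_length and len(classes_used(password)) >= 3

def keyspace_bits(password):
    """Upper bound on brute-force effort in bits: length * log2(alphabet used).
    Predictable passwords fall to dictionary guessing long before this bound."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return round(len(password) * math.log2(alphabet), 1) if alphabet else 0.0

def compare(passwords, min_length=8):
    return [
        {"password": p, "length": len(p),
         "complex": meets_complexity(p, min_length), "bits": keyspace_bits(p)}
        for p in passwords
    ]

# Constructed sample passwords, for illustration only.
SAMPLES = ["Password1", "Summer2016!", "quietriverlanternwindow"]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The first two samples pass the complexity check despite being dictionary-word patterns, while the 23-character lowercase passphrase fails it and still has the largest keyspace of the three.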