To meet MS complexity rules then set it to Upper = 1, Lower = 1, special = 1, numeric = -1 ( as we need to ensure that 3 of the 4 character sets are always used. Just ensure that you set it to one that meets the password complexity of your domain of course. For Each policy I set up then I can choose to leave it up to the function to determine the complexity. The latter value was required so that when I convert it to run as an ARS policy script I can set some or all of the character sets as optional. ![]() -1 = Optionally include the character set at run time.1 = always include at least ONE of the character set.I created these as integers as I needed three possible states. I added 4 complexity variables, upper, lower, numeric and special. ![]() I say optionally because if my function always adds them then I would be reducing the seen entropy. Despite the assertion that leetspeak words, where we use common substitutions (P4$$w0rd8), don’t really add to the password entropy I still wanted to optionally add them to the passphrases my function would generate. Ideally we want users to select a strong password and this means longer passwords with multiple character sets used to make up the password. I wrote a function that would allow flexible choice of complexity rules by using parameters to control which character sets are used when generating the passphrase.įollowing on from my previous post on educating users by setting a good example when resetting their password I stated that password strength is measured in entropy and that there were two values to consider, blind and seen entropy. After doing some reasearch I found several scripts that were based on Dicewear, which is a solution that uses Dice and a password dictionary to generate random passphrases. The first stop was to write a function that would generate a passphrase. Having implemented SpecOps password policy I wanted to update the ARS script to generate a passphrase rather than a long password that would be, difficult to provide to the user, difficult for the user to enter at the password prompt and lastly not really showing the user how to create a strong and easy to remember password. These make long and easy to remember passwords. ![]() As I said in my previous post, my definition of a passphrase is 3 or more random words. The general consensus on passwords has changed recently and the latest recommendation for choosing a password is to use a passphrase. This makes it easy for the Service Desk analyst set a random password rather than the bad practice of setting the same weak password for every account they touch, like London12 or Password8.Ĭlicking the Generate password button runs a builtin VBScript that reads the Default Domain Policy and generates a random password that meets the password policy. ARS has a password generator built into the MMC.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |