I believe that the more complex a password is, the more likely the user is to write it on a post-it note and stick it on their monitor. I tell my users to use the address they grew up at. 1234maple for example. If I have my way we will all have smart cards here this time next year and it won't matter. Greg _____ From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig http://thin.net Sent: Wednesday, May 26, 2004 10:54 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Complex passwords According to Mark Minasi from his security tour if you have users make a passphrase or password longer than 13 characters it would take a hacker 500 centuries to hack it! So never mind doing complex passwords and just require a 13 character or more password or passphrase and you will be good to go. An example is: My dogs name is spot Regards, Jim -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Farrugia, Paul Sent: Wednesday, May 26, 2004 10:12 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Complex passwords Hello again.. We are looking to implement complex passwords......I understand that the passwords can be combinations of upper/lowercase/alpha-numeric/symbols but what are the minimum requirements. Does the password need to contain at least one symbol? One number? Etc.... Thanks