Password randomization

Large enterprises commonly define a single, static password for use across thousands of computers. Given the ease with which even extremely complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise. Randomizing and cycling passwords is an easy and secure way that large public and private enterprises can ensure that security breaches do not occur. Password randomization includes the following concepts:

  • The password change interval - the frequency at which passwords are changed.
  • The password complexity - the minimum password length plus the use of alpha-numeric characters.

The randomize administrator password policy enables administrators to generate random passwords automatically on a schedule for a defined collection so that In a worst-case scenario if a password becomes compromised, then the compromised password will allow access only until the randomization period expires, and more importantly, access will apply to only one computer.

Windows 7 Password Requirement

If the minimum Windows 7™ password policy requires fourteen characters, and the LSS randomize administrator password policy requires 10, then the randomize administrator password policy will fail on those Windows compouters. The LSS randomize administrator password policy must be at least the minimum number of characters Windows requires.