Announcement

Collapse
No announcement yet.

How can Windows server tell that one password is similar to an old password?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How can Windows server tell that one password is similar to an old password?

    Just got a question from a friend, which I really couldnt answer.

    He is wondering how Windows server can tell that the new password he enters is similar (but not the same as) the old password that he used earlier. Let's say the password was test.PWD123 and he changed it to test2.PWD123... then it sais the password isn't complex.

    And he asked whether Windows server saves the password in clear text somewhere or something like that.

    Anyone got a good link with information about this? Worked the googles on my internet machine but there are to many non related topics... I mean, google something with "password" in it!
    A wise man once said: "Assumption is the mother of all fu*k ups".

    Any advice I give is to the best of my knowledge, there is no guarantee what so ever that it will actually work in your particular scenario. I will not accept any responsibility for unexpected consequences, after all - you are taking advice from a complete stranger over the internet. =)

  • #2
    Re: How can Windows server tell that one password is similar to an old password?

    Backup a step and review some background info
    first
    http://en.wikipedia.org/wiki/Security_Accounts_Manager
    then
    http://technet.microsoft.com/en-us/m.../cc745951.aspx

    Caution: heavy duty reading.

    Once your done post back.
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

    Comment


    • #3
      Re: How can Windows server tell that one password is similar to an old password?

      Originally posted by Anders View Post
      Just got a question from a friend, which I really couldnt answer.

      He is wondering how Windows server can tell that the new password he enters is similar (but not the same as) the old password that he used earlier. Let's say the password was test.PWD123 and he changed it to test2.PWD123... then it sais the password isn't complex.

      And he asked whether Windows server saves the password in clear text somewhere or something like that.

      Anyone got a good link with information about this? Worked the googles on my internet machine but there are to many non related topics... I mean, google something with "password" in it!
      It doesn't. If it says its not complex then its something else. Theres no similarity checking.

      Comment


      • #4
        Re: How can Windows server tell that one password is similar to an old password?

        I'm sure I have seen systems that reject passwords similar to ones you've previously used.

        But I think that requires 3rd party software. All I'll say is, as far as I know you can't do that with Windows Server 2003, you can only enforce the remembering of password history which prevents you using the same password twice. If you could reject similar passwords too, we'd be doing that just to annoy the production manager.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: How can Windows server tell that one password is similar to an old password?

          moved to server forum.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment

          Working...
          X