Rules for Creating Passwords
Do not share your password. Each user should be the only one to know the password for his or her account. Well-chosen passwords are essential to preserve the integrity of the system and individual user accounts. Never leave your password in plain text (unencrypted) in any of your files. Passwords stored in this way are easily stolen.
When you change your password, the new password must comply with our password complexity policy:
- Each password must have at least eight characters.
- Each password must contain at least three of the following four elements among its first eight characters:
- - uppercase letters (English, A through Z)
- - lowercase letters (English, a through z)
- - special characters (for example, !, $, #, %)
- - digits (0 through 9)
- Do not use a space in a password. Though technically allowed, it may be a source of confusion.
- Do not form a password by appending a digit to a word--this type of password is easily guessed.
- Each password must differ from the user's login name and any permutation of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
- New passwords should differ from the old by at least three characters.
If you need additional ideas for creating a new password, Microsoft has a few tips.