Creating strong passwords

Computer security includes the use of strong passwords for your network logon and the Administrator account on your computer.

For a password to be strong, it should:

Be at least seven characters long. Because of the way passwords are encrypted, the most secure passwords are seven or 14 characters long.

Contain characters from each of the following three groups:


Letters (uppercase and lowercase)

A, B, C... (and a, b, c...)


0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Symbols (all characters not defined as letters or numerals)

` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /

Have at least one symbol character in the second through sixth positions.

Be significantly different from prior passwords.

Not contain your name or user name.

Not be a common word or name.

Passwords can be the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful than ever. Network passwords that once took weeks to crack can now be cracked in hours.

Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password.

Windows passwords can be up to 127 characters long. However, if you are using Windows XP on a network that also has computers using Windows 95 or Windows 98, consider using passwords not longer than 14 characters. Windows 95 and Windows 98 support passwords of up to 14 characters. If your password is longer, you may not be able to log on to your network from those computers.

For more information, click Related Topics.

Change your password

Protecting your passwords

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies