I've seen roughly everything across the gambit. One of the following I've seen in place that I've seen that worked well was Passwords Remembered: 24 Max Age: 180 Min Age: 1 Min Length: 14 Complexity: Yes But keep in mind that moving people to 14 char passwords is a culture shift. This required training with the staff in learning Passphrases rather than cryptic short (8char) passwords which we've all been trained to use over the years. Usually people get the point when you explain that something like LindseyLohan=Nutz0 Is a legitimate password that would take 71 quadrillion years to crack today (http://howsecureismypassword.net). V. Lounds From: Walters, Mike [mailto:[log in to unmask]] Sent: Friday, September 28, 2012 11:46 AM To: [log in to unmask] Subject: [MSUNAG] FW: AD Domain Password Policy For those running MS AD, I was wondering what you are doing for your end user password policy. Example: Passwords Remembered: 5 Max Age: 90 Min Age: 1 Min Length: 8 Complexity: Yes Thanks! Mike Walters, MCSA Network Services Manager ANR Technology Services Michigan State University 446. W. Circle Dr Rm 221, Agriculture Hall East Lansing, Michigan 48824 ph. 517.353.4890 x172 [log in to unmask]<mailto:[log in to unmask]>