I received the following information about AD passwords for this audit.
Internal network domain (default domain) passwords must conform to the following requirements:
- Enforce password history (can't reuse a password from prior 24 passwords)
- Maximum password age (42 days)
- Minimum password age of 1 day
- Minimum password length of 7 characters
- Complexity requirement enabled
- Store passwords using reversible encryption.
Does anyone know if this is accurate? I was under the impression that storing passwords using reversible encryption is actually less secure and should only be used if you have a specific application that requires it.
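Added example, not part of the original post: one way to compare the list above with what a machine actually enforces is to parse the `[System Access]` section of a `secedit /export /cfg` dump, where `ClearTextPassword` is the key behind "Store passwords using reversible encryption". The function names and the sample export are constructed for illustration.

```python
import configparser

# Settings listed in the post, keyed as secedit writes them in [System Access].
STATED_POLICY = {
    "PasswordHistorySize": 24,   # passwords remembered
    "MaximumPasswordAge": 42,    # days
    "MinimumPasswordAge": 1,     # days
    "MinimumPasswordLength": 7,  # characters
    "PasswordComplexity": 1,     # 1 = enabled
    "ClearTextPassword": 1,      # 1 = reversible encryption enabled
}

# Constructed sample export. Real exports are UTF-16 files: decode first.
SAMPLE_EXPORT = """\
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
ClearTextPassword = 0
NewAdministratorName = "Administrator"
"""


def read_system_access(inf_text):
    """Return the integer settings of the [System Access] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written by secedit
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section in export")
    return {k: int(v) for k, v in parser["System Access"].items()
            if v.strip().lstrip("-").isdigit()}


def audit(inf_text, stated=STATED_POLICY):
    """Return (mismatches, findings); mismatches maps key -> (stated, effective)."""
    effective = read_system_access(inf_text)
    mismatches = {k: (want, effective.get(k))
                  for k, want in stated.items() if effective.get(k) != want}
    findings = []
    if effective.get("ClearTextPassword") == 1:
        # Reversible storage means the stored passwords can be decrypted.
        findings.append("ClearTextPassword=1: passwords stored recoverably")
    return mismatches, findings


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

A mismatch means the document and the system disagree; a finding is reported whenever reversible storage is on, whether or not the document asks for it.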