Microsoft KB Archive/102727

= Password Uniqueness in Windows NT =

PSS ID Number: 102727

Article Last Modified on 10/28/2003

-

The information in this article applies to:


 * Microsoft Windows NT Server 3.1
 * Microsoft Windows NT Workstation 3.1

-



This article was previously published under Q102727



SUMMARY
The Password Uniqueness parameter in Windows NT can confuse users. There is no direct association between this value and the number of passwords that a specific user has previously used.



MORE INFORMATION
Let's suppose that Password Uniqueness is set to 3. This does not mean that at the third password change I can use an old password, or that that after using three passwords I can use the first one again.

The Password Uniqueness parameter works as follows:   First password:  One                Passwords saved: <>

First password change New password: Two                Passwords saved: 

Second password change New password: Three              Passwords saved:  A user may think that the first password can be used again because three passwords have been used. This is not true; the user must wait until his password disappears from the saved password list. The next password change will resemble the following:

  Third password change New password: Four               Passwords saved:  Some users may think that they can use their first password again, because they've already changed their password three times. This is incorrect also. The next password change will resemble the following:   Fourth password change New password: Five               Passwords saved:  In the next (the fifth) password change, the user can use the first password (One), because it is no longer on the list.

A better way to explain this is to regard the Password Uniqueness number as the number (n) of entries in a fictitious table, where the passwords in this table cannot be used. If you add to this your current password, plus the new password that you will use, you get n+2 different passwords, and not n different passwords.

Be aware that if you want to keep n different passwords, Password Uniqueness must be set to n-2. Be aware also that n can be any number from 1 to 8.

Workaround
If you mistakenly set up a number and you don't want that to be your standard, you can change it, and the oldest entries from that table will be removed so you can use those passwords.

To change Password Uniqueness:


 * 1) From User Manager for Domains, select the Policies menu.
 * 2) Choose Account.
 * 3) Change your password uniqueness number in the Password Uniqueness box.
 * 4) Choose OK.

Additional query words: prodnt

Keywords: kbusage KB102727

Technology: kbWinNT310Search kbWinNTS310 kbWinNTS310search kbWinNTsearch kbWinNTSsearch kbWinNTW310 kbWinNTW310Search kbWinNTWsearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.