Help protect your passwords To help ensure security, passwords should be used carefully. These recommendations will help protect your passwords: • Never write down your password. • Never share your password with anyone. • Never use your network logon password for another purpose. • Use different passwords for your network logon and the Administrator account on your computer. • Change your network password every 60 to 90 days or as often as required in your specific environment. • Change your password immediately if you think it has been compromised. You should also be careful about where you save your password on your computer. Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember your password. Do not select that option for highly sensitive passwords because the compromise of these passwords is more possible than when they are not stored. To change your password Use this procedure to change the password you use when you log on to Windows if your computer is a member of a workgroup, and is not a member of a domain. For information about changing your password if your computer is a member of a domain, click Related Topics. 1. Open User Accounts in Control Panel. 2. Under or pick an account to change, click your account. 3. Click Change my password. 4. Type your current password in Type your current password. 5. Type your new password in Type a new password and Type the new password again to confirm. 6. You can type a word or phrase to use as a memory aid for the new password in Type a word or phrase to use as a password hint. 7. Click Change Password. Notes • To open User Accounts, click Start, point to Settings, click Control Panel, and then double-click User Accounts. • Password security largely depends on creating strong passwords and helping to protect them. For more information, click Related Topics. Creating strong passwords To help keep your computer more secure, you should use a strong password. While this is a good practice in general for all of your computer accounts, it is especially important for your network logon and for the Administrator account on your computer. For a password to be strong, it should: • Be at least seven characters long. Because of the way passwords are encrypted, the most secure passwords are seven or 14 characters long. • Contain characters from each of the following three groups: Group Examples Letters (uppercase and lowercase) A, B, C (and a, b, c ) Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 Symbols (all characters not defined as letters or numerals) ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . / • Have at least one symbol character in the second through sixth positions. • Be significantly different from prior passwords. • Not contain your name or user name. • Not be a common word or name. Passwords can be the weakest link in a computer security scheme. Strong, hard-to-guess passwords are important because the tools and computers that people use to guess passwords continue to improve. Network passwords that once took weeks to guess can now be guessed in hours. Password-guessing software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can guess any password. However, it can still take months to guess a strong password. Windows passwords can be up to 127 characters long. However, if you are using Windows XP on a network that also has computers using Windows 95 or Windows 98, consider using passwords not longer than 14 characters. Windows 95 and Windows 98 support passwords of up to 14 characters. If your password is longer, you may not be able to log on to your network from those computers. For more information, click Related Topics. To create a user password Passwords add a level of security to your computer. When sharing a computer with others, your customized settings, computer programs, and system resources are more secure when you assign a password to your logon name or user account name. The steps to perform this task differ depending on whether your computer is a member of a network domain or is part of a workgroup (or is a stand-alone computer). My computer is on a domain You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings might also prevent you from completing this procedure. 1. Open User Accounts in Control Panel. 2. On the Users tab, click the name of the user for whom you want to create a password, and then click Reset Password. 3. In New password and Confirm new password, type the password, and then click OK. Note • You can create passwords only for local computer accounts, such as guest, administrator, or accounts you create for your computer. My computer is not on a domain The steps to perform this task differ depending on the type of user account you have. If you have a computer administrator account on the computer 1. Open User Accounts in Control Panel. 2. Click your account name. 3. Click Create a password. 4. In Type a new password and Type the new password again to confirm, type the password for your account. You can also enter descriptive or meaningful text in Type a word or phrase to use as a password hint to help you remember your password. 5. Click Create Password. If you have a limited account on the computer 1. Open User Accounts in Control Panel. 2. Click Create a password. 3. In Type a new password and Type the new password again to confirm, type your password. You can also enter descriptive or meaningful text in Type a word or phrase to use as a password hint to help you remember your password. 4. Click Create Password. Notes • When you create a password hint, anyone who uses the computer will be able to see the hint on the Welcome screen. • A user with a computer administrator account can create and change passwords for all users on the computer. Users with limited accounts can only create and change their own passwords, as well as create their own password hints. • If a user with a computer administrator account changes the password for another user, that user will lose all EFS-encrypted files, personal certificates, and stored passwords for Web sites or network resources. Notes • To open User Accounts, click Start, point to Settings, click Control Panel, and then double-click User Accounts. • For more information about user accounts, click Related Topics. . Help protect your passwords To help ensure security, passwords should be used carefully. These recommendations will help protect your passwords: •. creating strong passwords and helping to protect them. For more information, click Related Topics. Creating strong passwords To help keep your computer