Invalid Characters for an NT Password

windows password active-directory

18,842

Windows allows the any of the UTF-16 character set in passwords.

From Technet regarding password complexity - see last bullet point.

Password must meet complexity requirements Description

This security setting determines whether passwords must meet complexity requirements.

If this policy is enabled, passwords must meet the following minimum requirements when they are changed or created:

Not contain the user's entire Account Name or entire Full Name. The Account Name and Full Name are parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. There is no check for any character or any three characters in succession.
Contain characters from three of the following five categories
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic characters (for example, !, $, #, %)
- A catch-all category of any Unicode character that does not fall under the previous four categories. This fifth category can be regionally specific.

18,842

Related videos on Youtube

Author by

JSchlather

Updated on September 17, 2022

Comments

JSchlather almost 2 years

It seems most of the information regarding NT passwords on the internet is about how to crack them. There doesn't seem to be a list of characters that are specifically not-allowed like there is for usernames. As far as I can tell, there are no characters that are disallowed.

I am specifically looking at normal, printable ASCII characters though a dash of unicode would satisfy some curiosity as well.
Kyle Brandt almost 15 years

I would bet it doesn't like NULL bytes ;-)
JS. almost 15 years

If the password is less than 14 chars then it will be padded to 14 with null bytes.
Kyle Brandt almost 15 years

What happens if you put a some like mypas\0sword, will the password just be mypas ?
JS. almost 15 years

It would accept \0 as 2 characters not a null byte. I guess you would have to inject it somehow to mess up the password.
raja almost 15 years

On a side note programatically you can set passwords that are untypeable in the gui I believe (but can't find via google) that the limit is 255 chars but the gui only allows 127 to be entered.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

Change an Active Directory password in C#

How to find two months old password users in a Windows domain?

User can't change password due to complexity

Active Directory password expired. If I set it to never expire, can the user keep the same password?

How do you manage service account credentials (passwords)?

disable maximum password length on Windows Server

Joining an Active Directory domain using netdom

Domain Suffix added to DNS Queries

How to get user password expiration date from Active Directory?

Using powershell I'd like to get a list of people who have admin privileges for a domain?