Password Uniqueness in Windows NT

Last reviewed: May 8, 1997
Article ID: Q102727
The information in this article applies to:
  • Microsoft Windows NT operating system version 3.1
  • Microsoft Windows NT Advanced Server version 3.1

SUMMARY

The Password Uniqueness parameter in Windows NT can confuse users. There is no direct association between this value and the number of passwords that a specific user has previously used.

MORE INFORMATION

Let's suppose that Password Uniqueness is set to 3. This does not mean that at the third password change I can use an old password, or that that after using three passwords I can use the first one again.

The Password Uniqueness parameter works as follows:

   First password:  One                Passwords saved: <>

   First password change
     New password:  Two                Passwords saved: <One>

   Second password change
     New password:  Three              Passwords saved: <One,Two>

A user may think that the first password can be used again because three passwords have been used. This is not true; the user must wait until his password disappears from the saved password list. The next password change will resemble the following:

   Third password change
     New password:  Four               Passwords saved: <One,Two,Three>

Some users may think that they can use their first password again, because they've already changed their password three times. This is incorrect also. The next password change will resemble the following:

   Fourth password change
     New password:  Five               Passwords saved: <Two,Three,Four>

In the next (the fifth) password change, the user can use the first password (One), because it is no longer on the list.

A better way to explain this is to regard the Password Uniqueness number as the number (n) of entries in a fictitious table, where the passwords in this table cannot be used. If you add to this your current password, plus the new password that you will use, you get n+2 different passwords, and not n different passwords.

Be aware that if you want to keep n different passwords, Password Uniqueness must be set to n-2. Be aware also that n can be any number from 1 to 8.

Workaround

If you mistakenly set up a number and you don't want that to be your standard, you can change it, and the oldest entries from that table will be removed so you can use those passwords.

To change Password Uniqueness:

  1. From User Manager for Domains, select the Policies menu.

  2. Choose Account.

  3. Change your password uniqueness number in the Password Uniqueness box.

  4. Choose OK.


Additional query words: prodnt
Keywords : kbusage ntsecurity
Version : 3.1
Platform : WINDOWS


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: May 8, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.