Passwords: Minimum length

e352dda0-c735-4b4e-ba26-097f5dbab32c

Types of password attacks include dictionary attacks (which attempt to use common words and phrases) and brute force attacks (which try every possible combination of characters). Also, attackers sometimes try to obtain the account database so they can use tools to discover the accounts and passwords.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/minimum-password-length

STIG recommends a minimum password length of 14 characters.


stig-medium-server
stig-medium-desktop
compliance-desktop
compliance-server
security-desktop
security-server
nist800-171