8 characters minimum
No repeating characters
Embedded numbers and special characters
Avoid common dictionary words
Avoid using login name within the password
Force users to change passwords every 3-6 months
Old passwords should be avoided when changing a current password
Users should be repeatedly warned never to share passwords with anyone, including System Administrators.
Users can check their own password at http://www.microsoft.com/athome/security/privacy/password_checker.mspx. This is a non-recording web site used to simply check the strength of a password and it’s resilience for being compromised.
For more information on strong passwords, go to http://www.microsoft.com/athome/security/privacy/password.mspx