22 Chapter 1 Implementing a strong security posture often begins by making the login process more robust. This includes increasing the complexity of the login password. All passwords can be cracked, given enough time and resources, but the more difficult you make cracking a password, the greater the possibility the asset the password protects will stay protected. All operating systems have some mechanism to increase the complexity of passwords. In Microsoft Windows XP Professional, this can be accomplished by clicking Start Control Panel Administrative Tools Local Security Policy. Under Security Settings, expand Account Policies and then highlight Password Policy. In the right-hand panel you can enable password complexity. Once this is enabled, passwords must contain at least three of the four following password groups [36]: · · · · English uppercase characters (A through Z) English lowercase characters (a through z) Numerals (0 through 9) Nonalphabetic characters (such as !, $, #, %) It is important to recognize that all operating systems have embedded tools to assist with security. They often require a little research to find, but the time spent in identifying them is