The following is a sample letter for warning user regarding his/her weak password setup which was detected by IT department through security scan. Pls take it as your reference.

Re: Weak NT Password detected, your action is required!!!

Date:       Month Date, Year (1)

Dear User,

According to our recent NT Password Audit Scan results, we found your password was fallen into the category of weak password.  You are advised to change it with 7 days, that is, on or before Date Month, Year (2).  Otherwise, we will issue a yellow card to you and notify your supervisor if the next scan still find a weak password for your logon.  Please note that your system account will be immediate suspended if there are 2 consecutive fail of your password’s scan results.

Your password shall be complied with the password policy; you may find this at your network drive password-policy.doc.  Simply speaking, it shall be at least 6 characters long and composing of 3 of the following 4 categories, which is

a)      upper case alpha characters,

b)      lower case alpha characters,

c)      numeric characters, or

d)     special characters like !,@,#,$,%, etc.

In addition to the above, we have also implied the hybrid test on the password strength scan.  That means your password shall not be composed of any word or easy guessable combinations found in the dictionary.  Below is some example which are classified to be weak hybrid password.

1)      Apple01..

2)      01Apple..

3)      aaa01..

4)      01aaabbb

To verify if your decided password fall into the weak password dictionary, you may visit our dictionary.doc from our network drive.

Should you have any queries on the above, please do not hesitate to contact us for help.

Thank you very much for your attentions.

Regards,

IT Helpdesk