Is Windows’ strong password policy as strong as you need?
Enabling Windows’ strong password policy requires that users comply with 3 out of 5 character requirements. This will not protect your users’ accounts from attacks based on guessing or breaches of commercial WEB-sites’ user passwords.
If you want to protect your users’ accounts from SPRAY attacks or hackers using green-tables to find the users’ passwords, you can extend the Active Directory password policy with external solutions extending the AD password policy. If you’re concerned that users only change one or two characters in their passwords (having a sequence number) you can prevent this too.
Before you consider to completely change the way your organization uses passwords, it might be easier to remedy some of the weaknesses in Active Directory password policy, than changing one of your core components to IT-security.
To see more details have a look at this blog: https://www.fastpasscorp.com/guide-to-best-password-policy/