Does the password policy apply to Windows XP and Vista only or is it also applicable to all applications installed on the XP and Vista systems?
On a Windows XP or Vista system, any system components, applications, or utilities that use the XP or Vista authentication mechanism, in particular the user’s Windows authentication token, must comply with the FDCC password policy. This will leave out third-party applications such as Web applications and client applications that use a separate security token for authentication. For example, my Windows authentication token allows me to gain logical access to my desktop, email account, calendaring software, etc. It will comply with the FDCC password policy. I use a distinct authentication token to run a Web application to connect to a travel management system, an enterprise application, or a Federal employee benefits or retirement system. In these cases, my authentication token will comply with the policy instituted on the specific server and services that I am trying to use.
