Intel® AMT: Strong ME Passwords are Required

If you are new to developing software for Intel® AMT, you need to know that the Intel® AMT Manageability Engine's password must be changed from it's factory default (admin) to a "strong password." The following provides some guidance into what sort of strong password is required.  

There are various levels of strong passwords. Most of the time we get by with strong passwords containing characters from at least 3 of the five groups in the Character Classes table.  The Intel AMT ME expects its password to contain characters from at least 4 of the five groups (this implementation is used often for sensitive accounts such as those used by administrators or that run critical network services, ie Intel® AMT.)

You can read more about the Intel AMT ME password requirements in the Intel AMT SDK Documentation (search for "Valid Usernames and Passwords").  Here is the overall direction for both usernames and passwords:

Username requirements: 

  • A username must contains 7-bit ASCII characters, in the range of 33-126, excluding ‘:’, ‘,’, ‘<’, ‘>’, ‘&’, and ‘”’ characters. The string length is limited to 16 characters. It cannot be an empty string. The strings “Administrator” (Release3.2 only) and “Admin,” (Release 4.0 and later releases) and strings that start with “$$” are invalid. 
Password requirments: 
  • Passwords must contain 7-bit ASCII characters, in the range of 32-126, excluding ‘:’, ‘,’ and ‘”’ characters. String length is limited to 32 characters.
    • At least 8 characters long.
    • Contain at least one digit ('0', '1'…'9').
    • Contain at least one 7-bit ASCII non alpha-numeric character, above 32, (e.g. '!', '$', '~'). Note that “_” is considered alphanumeric.
    • Contain both lower-case Latin ('a', 'b'…'z') and upper case Latin ('A', 'B'…'Z') characters.
  • A Kerberos Security Identifier (SID) is a byte array between 1 and 28 bytes. The SID length should be a multiple of 4.