On Wednesday 11 August 2010 20:16:42 Dale wrote:
> Stroller wrote:
> > On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote:
> >> ...
> >> Good Luck getting people to change them frequently and having your
> >> techs and IT departments meeting complexity and length policy.
> >
> > I'm pretty sure that's a trivial setting for expiration policy and a
> > PAM plugin or option to enforce complexity.
> >
> > Stroller.
>
> Thing about changing passwords too often, the person forgets what the
> password is. I have a good strong password for my bank and credit
> card. If I had to change it every month, six months or something, I
> would set it to something simple so that I could remember what the
> password is. Then I would write it down to help me remember it as well.
>
> Changing the password often can actually lead to other issues.
|
|
I refuse to implement password expiration policies and have a vast array of
literature to back me up when some dimwit damager gets on his expiration high
horse.

My users pick their own passwords - I present a list of 5 from apg and let
them pick one. Accounts do expire if they go unused for 90 days, but not
passwords.

What put me onto this policy? I found Gartner recommending password
expiration. I find the best security possible is always the opposite of what
Gartner says. Discovering how the AD admins in the company go about their jobs
was the convincing straw :-)


--
alan dot mckinnon at gmail dot com