| 1 |
On Wednesday 11 August 2010 20:16:42 Dale wrote: |
| 2 |
> Stroller wrote: |
| 3 |
> > On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote: |
| 4 |
> >> ... |
| 5 |
> >> Good Luck getting people to change them frequently and haveing your |
| 6 |
> >> techs and it departments meeting complexity and length policy. |
| 7 |
> > |
| 8 |
> > I'm pretty sure that's a trivial setting for expiration policy and a |
| 9 |
> > PAM plugin or option to enforce complexity. |
| 10 |
> > |
| 11 |
> > Stroller. |
| 12 |
> |
| 13 |
> Thing about changing passwords to often, the person forgets what the |
| 14 |
> password is. I have a good strong password for my bank and credit |
| 15 |
> card. If I had to change it every month, six months or something, I |
| 16 |
> would set it to something simple so that I could remember what the |
| 17 |
> password is. Then I would write it down to help me remember it as well. |
| 18 |
> |
| 19 |
> Changing the password often can actually lead to other issues. |
| 20 |
|
| 21 |
|
| 22 |
I refuse to implement password expiration policies and have a vast array of |
| 23 |
literature to back me up when some dimwit damager gets on his expiration high |
| 24 |
horse. |
| 25 |
|
| 26 |
My users pick their own passwords - I present a list of 5 from apg and let |
| 27 |
them pick one. Accounts do expire if they go unused for 90 days, but not |
| 28 |
passwords. |
| 29 |
|
| 30 |
What put me onto this policy? I found Gartner recommending password |
| 31 |
expiration. I find the best security possible is always the opposite of what |
| 32 |
Gartner says. Discovering how the AD admins in the company go about their jobs |
| 33 |
was the convincing straw :-) |
| 34 |
|
| 35 |
|
| 36 |
-- |
| 37 |
alan dot mckinnon at gmail dot com |
Archives