RE: Password changes more than once per day
From: Gene LeDuc (Gene.LeDuc_at_tns-md.com)
Date: 02/11/04
- Previous message: Charlie Fraser: "Re: Password changes more than once per day"
- Maybe in reply to: Bob Kelley: "Password changes more than once per day"
- Next in thread: bauchi: "Re: Password changes more than once per day"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: 'Bob Kelley' <bob_kelley_jr@yahoo.com> Date: Tue, 10 Feb 2004 19:07:28 -0500
The main reason that I can see is to prevent people from defeating a rule
such as "you can't use any of your last 12 passwords". If there's no
minimum password life then I could change my password 12 times in a few
minutes and then make the final change back to my original. I have users
who would do this.
-----Original Message-----
From: Bob Kelley [mailto:bob_kelley_jr@yahoo.com]
Sent: Tuesday, February 10, 2004 1:32 PM
To: security-basics@securityfocus.com
Subject: Password changes more than once per day
Can someone please explain the security implications of allowing a user to
change their password more than one time per day without involving an
account administrator? What's the risk ?
I specified the security requirement of not allowing a user to change their
password more than once per day for an outsourcing project and I am being
asked why. I could not remember my reasoning other than it's a requirement
for microsoft security policies to ensure password history is enforced.
Thanks!
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
- Previous message: Charlie Fraser: "Re: Password changes more than once per day"
- Maybe in reply to: Bob Kelley: "Password changes more than once per day"
- Next in thread: bauchi: "Re: Password changes more than once per day"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
