Re: Enforcing strong passwords
From:Date: 11/10/02
- Next message: : "Re: Enforcing strong passwords"
- Previous message: Damian Menscher: "Re: blocking email domains"
- In reply to: Tim Hogard: "Re: Enforcing strong passwords"
- Next in thread: Mike: "Re: Enforcing strong passwords"
- Reply:(deleted message) Mike: "Re: Enforcing strong passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 9 Nov 2002 23:09:47 +0000 (UTC)
In article <aqj46t$2999$1@knotty.abnormal.com>, Tim Hogard wrote:
>You also have to give people time to think about their new password
>before you force a change. If you force people to pick a good password
>out of thin air, it will end up on a sticky note.
Forcing a password change on Friday leads to increased risk that it will
be forgotten by Monday. The "14 days left with this password - change now ?"
is quite good if you must have aging.
I also agree with Fred Cohen (http://all.net) that there is not much point to
password aging - particularly with short intervals.
-- decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp random words follow - don't take too seriously! Nexcerpt, Inc. 1-616.226.9550 Yet another example of how the new project ".Net" violating common rules of English give it a different behavior: unlocking the TV caused ALL of my "e-bill" as well as an "imbalance".
- Next message: : "Re: Enforcing strong passwords"
- Previous message: Damian Menscher: "Re: blocking email domains"
- In reply to: Tim Hogard: "Re: Enforcing strong passwords"
- Next in thread: Mike: "Re: Enforcing strong passwords"
- Reply:(deleted message) Mike: "Re: Enforcing strong passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
