Re: On password expiration

Shieldfire wrote:
In another group I posted a question on security for some of our
external users. They will access a messaging system (not MS
Exchange) and I wanted to set their passwords to expire every N
days.
Lots of admins on that group argue that this is an evil thing. If
user Joe already has a secure password it is evil to make him
change it and possibly come up with a weaker password after N days.

The consequences for my users on this system may be extreme if the
passwords are compromised.

How do you argue, to expire or not expire - that's the question.


Expire. The longer a password is the same, the greater chance it can be
compromised.
As far as making a less complicated password - that all depends on your
complexity requirements.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


.

Relevant Pages

  • On password expiration
    ... They will access a messaging system and I wanted to set their passwords to expire every N days. ... If user Joe already has a secure password it is evil to make him change it and possibly come up with a weaker password after N days. ...
    (microsoft.public.security)
  • Humans are evil
    ... Unless you make contact lenses out of it. ... And that right there is proof, that humans are evil. ... Plastic does not expire in 3 months. ...
    (sci.physics)
  • Re: weyrmount.org is back
    ... Did the registration just expire or was there some evil ... Let's say that NetSol couldn't quite decide how long one year is. ...
    (rec.games.computer.ultima.dragons)