Re: On password expiration

In article <1144093918.401539.202300@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
dstynchula@xxxxxxxxx wrote:
In addition, you should set some expectations regarding the handling of
data as a personnel/management issue. For instance implementing an
organizational policy prohibiting employees from writing down their
passwords will mitigate the "sticky-notes on the VGA monitor"
possibility. Ultimately, some employees may choose to disregard this
instruction, but at that point you will have some accountability
options.

Sticky notes on the monitor are generally a bad idea.

But there are other places to write passwords down that are significantly
better.

Personally, I carry a special device with me at all times, whose purpose is to
secure pieces of paper and plastic that have a perceived value to me, and
facilitate my access to secured resources.

It's called a wallet, and it has been many years since I last mislaid one or
had it purloined. The pieces of paper and plastic that are already in there
are nice and safe, and when I lose them, I spend a little time ensuring that
they are no longer of use in accessing my secured resources.

Passwords are no different. I write them down, those that I cannot remember,
and I carry them around in my wallet. If I lose my wallet, I will include my
domain's administrators in the list of people I will be asking to reset my
credentials.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
.