Re: Password Policy
- From: "Jordan" <nospam@xxxxxxxx>
- Date: Thu, 13 Aug 2009 20:46:32 -0400
That would take a lot of frustration out of the task, but when we assign the
passwords to the users they can claim it was not them if there is any issue
because we know their password too.
"Tom Willett" <tom@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23Jt8ZVBHKHA.4436@xxxxxxxxxxxxxxxxxxxxxxx
In our domain, we in IT decide the passwords and tell the users what they
are.
"Jordan" <nospam@xxxxxxxx> wrote in message
news:eRxh0$7GKHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
: The best way to handle your users it to give them examples of ways they
can
: easily make a password and have it fit into the requirements. For
example
I
: have the standard windows complex PW scheme enabled with a min of 6
: characters. I don't even tell the users about being able to use
specialb
: characters because there head would explode. I tell them to get a name
or
: something with the 6 characters and alter the letters to a number.
Names
of
: people or places work great because you would normally capitalize the
first
: letter anyway like:
:
: Charl3s
: B0st0n
: Ju11ian
:
: Even something as simple as this is going to be tough for some terrified
: users. I had to sit with one user for 15 minutes once because no matter
: what he typed he never met the criteria and half the time I could see by
the
: counts of the dots on the screen he was not typing the same amount of
: characters for the confirming box as the first.
:
: What probably brought the change is some Accounting weenie that knows
: nothing about network security told him they would fail a SOX audit if
they
: did not make some complex password rulie and have it expire every 90 -
120
: days.
:
: I really get a kick out of the hipocracy of those accounting weenies
telling
: IT folk about what we should be requiring when every single financial
: institution that passes out credit cards or ATM cards only requires a 4
: numeric digit PIN that never expires.
:
: When I was first told to make sure we enabled the complex requirement
: instead of just the minimum character I knew it was going to be a big
PITA.
: I had to go from office to office for months and check for sticky pads
on
: monitors and under keyboard for the users passwords and then have to
give
: them the talk about how they can't do that. Eventually they do get use
to
: it.
:
:
: "1PW" <barcrnahgjuvfgy@xxxxxxx> wrote in message
: news:h5puto$164$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: > Eric wrote:
: >> I have a network that I have to upgrade their password policy. I am
: >> aware of
: >> best practice and how it says I should do it, however the users in
the
: >> network are terrified of change. I was just wondering if anyone has
been
: >> in
: >> this situation and had any suggestions in how to proceeed.
: >
: > Hello Eric:
: >
: > What is bringing about the policy change? You alone? Your suggestion
: > to management? Management alone? Other? Please detail the type of
: > practices do you intend to implement.
: >
: > How many user accounts are involved? Is management in the habit of
: > putting their policy changes out in writing? Are you an employee of
: > the network owner or an outside contractor?
: >
: > Is the network part of a small, medium, large company? Corporation?
: > Local, state, federal government?
: >
: > Pete
: > --
: > 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
: >
:
:
:
.
- Follow-Ups:
- Re: Password Policy
- From: Tom Willett
- Re: Password Policy
- References:
- Password Policy
- From: Eric
- Re: Password Policy
- From: 1PW
- Re: Password Policy
- From: Jordan
- Re: Password Policy
- From: Tom Willett
- Password Policy
- Prev by Date: Re: System restore
- Next by Date: Re: Password Policy
- Previous by thread: Re: Password Policy
- Next by thread: Re: Password Policy
- Index(es):
Relevant Pages
|
