[geeks] Mandatory password changes

Phil Stracchino phil.stracchino at speakeasy.net
Sun Dec 10 15:04:48 CST 2006


Bill Bradford wrote:
> On Sun, Dec 10, 2006 at 01:30:13PM -0500, Phil Stracchino wrote:
>> 1.  90% of the passwords in the system will be "cat", "dog", or the
>> ever-popular "GOD".
>> 2.  90% of your employees will switch back and forth between the same
>> two passwords at 30-day intervals.
> 
> $WORK prevents this by enforcing strong passwords (uppercase/lowercase,
> symbols/numerals, etc).
> 
>> 3.  90% of your employees will have their current password written on a
>> Post-It note on their monitor or, at best, in their desk drawer.
> 
> Current policy is password changes every 90 days, and you can't use a
> password that has the same characters in the same positions as your old
> password, nor can you re-use any of the last six passwords you've had.

Oy gevalt.  Not being allowed to have any unchanged character from your
previous password must make it a pain in the ass coming up with
passwords you have any hope of remembering.  At that rate you almost
might as well just start md5summing random files to generate passwords
... at which point EVERYONE will HAVE to write their passwords down.


-- 
 Same geek, same site, new location
 Phil Stracchino                     Landline: 603-429-0220
 phil.stracchino at speakeasy.net         Mobile: 603-216-7037
 Renaissance Man, Unix generalist, Perl hacker, Free Stater
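
Added example, not part of the original message: a Python sketch of how a policy like the one quoted above (no character unchanged in the same position, no reuse of the last six passwords) can be checked without storing old passwords in the clear. The function names and PBKDF2 parameters are assumptions; the positional rule is applied only against the old password the user types at change time.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 6  # "last six passwords", from the policy quoted above


def _digest(password: str, salt: bytes) -> bytes:
    # PBKDF2 parameters are an assumption for this sketch, not from the thread.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for storage; the plaintext is never kept."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def shared_positions(old: str, new: str) -> list[int]:
    """Indexes where old and new carry the same character.

    This needs the old plaintext, which exists only while the user
    re-enters it during the change; it cannot be run against hashes.
    """
    return [i for i, (a, b) in enumerate(zip(old, new)) if a == b]


def in_history(new: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True if new matches any of the last HISTORY_DEPTH stored records."""
    return any(
        hmac.compare_digest(_digest(new, salt), digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )


def check_change(old: str, new: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the policy violations; an empty list means the change is allowed."""
    problems = []
    positions = shared_positions(old, new)
    if positions:
        problems.append(f"same character as old password at positions {positions}")
    if in_history(new, history):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems
```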


