[geeks] Mandatory password changes
Phil Stracchino
phil.stracchino at speakeasy.net
Mon Dec 11 05:34:11 CST 2006
Sridhar Ayengar wrote:
> Phil Stracchino wrote:
>> I entirely agree. Require every employee in the company to change their
>> password every 30 days, and one or more of three things will happen
>> depending on which of the first two you prevent:
>>
>> 1. 90% of the passwords in the system will be "cat", "dog", or the
>> ever-popular "GOD".
>>
>> 2. 90% of your employees will switch back and forth between the same
>> two passwords at 30-day intervals.
>>
>> 3. 90% of your employees will have their current password written on a
>> Post-It note on their monitor or, at best, in their desk drawer.
>
> 4. Employees will cycle through a set of random passwords and use the
> same password over and over again to get around restrictions on repeated
> passwords.
This is a superset of (2). But, yeah. And they'll probably be written
down....
--
Same geek, same site, new location
Phil Stracchino Landline: 603-429-0220
phil.stracchino at speakeasy.net Mobile: 603-216-7037
Renaissance Man, Unix generalist, Perl hacker, Free Stater