Security Basics mailing list archives
Re: passwords
From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 18 Feb 2003 12:14:02 -0800
From: "ullmic6" <ullmic6 () web de>
One of the favorite subjects in my company seems to be the strength of passwords. We force our users to change their mail password every 90 days. Does this make sense? Why?

Well here's my take on the subject:

1) The entire purpose of passwords is to make your network secure by providing a simple means of authentication.
2) The duration of a password should be set in such a way that it's very difficult to crack it before it's been changed. There are two ways to accomplish this: increased complexity or decreased duration.
3) The problem is that if you make the complexity too high or the duration too low, users will defeat your technology with sticky notes and the like, so it's necessary to strike a balance between security and annoyance. You want the strongest passwords for the shortest time that people won't try to circumvent. Generally this means a medium to strong password for 3-6 months.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Quick, easy, or cheap; pick any two."