Security Basics mailing list archives
Re: Password changes more than once per day
From: bauchi <lists () bauchi de>
Date: Wed, 11 Feb 2004 01:02:34 +0100
BK> Can someone please explain the security implications of allowing a user to change their password more than one time per day without involving an account administrator? What's the risk ? BK> I specified the security requirement of not allowing a user to change their password more than once per day for an outsourcing project and I am being asked why. I could not remember my reasoning BK> other than it's a requirement for microsoft security policies to ensure password history is enforced. BK> Thanks! hi bob, one of the reasons we did this, is that our policy says: remember the last 3 password of this user and do not accept passwords based on the last 3 used. if the user can change his password whenever/how often 'HE/SHE' wants, he could cycle through 3 passwords within 2 minutes and at the forth time use his old password. and that's not wanted ;) hth basti --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Password changes more than once per day Bob Kelley (Feb 10)
- Re: Password changes more than once per day Charlie Fraser (Feb 10)
- Re: Password changes more than once per day bauchi (Feb 10)
- RE: Password changes more than once per day Joey Peloquin (Feb 10)
- <Possible follow-ups>
- RE: Password changes more than once per day Pamela Gott (Feb 10)
- RE: Password changes more than once per day Gene LeDuc (Feb 10)
- RE: Password changes more than once per day Josh Mills (Feb 11)
- Re: Password changes more than once per day bsec (Feb 11)
- RE: Password changes more than once per day Gene LeDuc (Feb 12)