Security Basics mailing list archives
RE: Minimum password requirements
From: "Ferino Mardo" <RMardo () ALJOMAIHBEV com>
Date: Tue, 20 Jul 2004 08:46:20 +0300
Get all the technical details ironed out and then get management to be involved with this. My experience with my previous company has always been with this issue of users writing down their passwords (8 chars. Minimum, combination of lower and uppercase plus at least a number) and sticking it on their monitor. How I got around this or resolved this was I convinced management to back me up and with that all users all required to sign an NDA which "leases" them their username, password/s, and everything associated with it including emails and internet access. Failure to do so would result in termination of service and possibly a lawsuit. Draconian yes but it's the only way I can think of at that time.
-----Original Message----- From: _ [mailto:nightelf () tartarus uwa edu au] Sent: Saturday, July 17, 2004 10:53 AM To: security-basics () securityfocus com Subject: Re: Minimum password requirements On Thu, Jul 15, 2004 at 08:26:57AM -0700, Randall M Gunning wrote:a. Passwords must be changed at least every 90 days.The only problem I have with this, is that most users will start to
pick
easy passwords, or write them down if they're forced to change so frequently. Personally, I'm all for it but I'm interested in security, whereas the average user wants to be inconvenienced as little as possible.
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Minimum password requirements, (continued)
- RE: Minimum password requirements Dave Dyer (Jul 21)
- RE: Minimum password requirements John Vill (Jul 19)
- RE: Minimum password requirements Robinson, Sonja (Jul 19)
- RE: Minimum password requirements dave kleiman (Jul 20)
- RE: Minimum password requirements Roger A. Grimes (Jul 19)
- Re: Minimum password requirements Ed Spencer (Jul 19)
- RE: Minimum password requirements BĂ©noni MARTIN (Jul 19)
- RE: Minimum password requirements Hamish Stanaway (Jul 19)
- RE: Minimum password requirements Wesley Troy Scott (Jul 19)
- RE: Minimum password requirements Ruiz Cifuentes, Rolando (Jul 20)
- RE: Minimum password requirements Ferino Mardo (Jul 21)
- Re: Minimum password requirements Hamish Stanaway (Jul 21)
- Re: Minimum password requirements dmargoli (Jul 22)
- Re: Minimum password requirements Steve (Jul 23)
- Re: Minimum password requirements dmargoli (Jul 23)
- RE: Minimum password requirements Dave Dyer (Jul 26)
- Re: Minimum password requirements Ansgar -59cobalt- Wiechers (Jul 26)
- RE: Minimum password requirements Ed Spencer (Jul 26)
- Re: Minimum password requirements dmargoli (Jul 22)
- RE: Minimum password requirements Andrew Aris (Jul 23)
- RE: Minimum password requirements Jeremy Novak (Jul 26)
- Re: Minimum password requirements Jonathan Loh (Jul 26)