Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Management

From: Bill Cullen <billc () iinet net au>
Date: Sat, 22 Apr 2006 21:53:31 +0800
nightwatchman () comcast net said the following on 22/04/2006 2:13 AM:
> Passwords should:
>
> 1.)  change every 90 days

I've seen some people recommend 60 days and others 180 days.

> 4.) not be written down.
I'm not sure I agree. There is nothing wrong with writing down a password, provided the piece of paper with the password is secured. In this day and age we often have multiple passwords. I doubt most people can remember all of them without writing some down.
Personally, I think we need to start looking at alternatives to passwords (or at least start using devices offering one time passwords such as the RSA SecurID - I just wish they weren't so expensive). 


-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. 
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: