Security Basics mailing list archives
RE: passwords
From: Vince Dang <VinceDang () HondaFCU org>
Date: Wed, 19 Feb 2003 10:14:16 -0800
Ullmic,

The answer depends on what other things you have in place. You want to reach a comfortable point between security and inconvenience. 90 days would be reasonable if you enforce complex passwords with at least 8 characters minimum. (Both NT 4 & W2k have that feature.) You would also set the policy to not allow usage of the last 10 passwords.

On the people side, you need to educate users and conduct regular audits to make sure they don't write them on sticky notes near their stations.

Overall, it comes down to how much risk is acceptable for your company. If you look at security as risk management, it will help you address the problem better.

Regards,
Vince

-----Original Message-----
From: ullmic6 [mailto:ullmic6 () web de]
Sent: Monday, February 17, 2003 11:02 AM
To: security-basics () securityfocus com
Subject: passwords

Hello all,

one of the favorite subjects in my company seems to be the strength of passwords. We force our users to change their mail password every 90 days. Does this make sense? Why?

--
ullmic