Re: Password changes more than once per day

[bauchi <lists () bauchi de>]

BK> Can someone please explain the security implications of allowing a user to change their password more than one time 
per day without involving an account administrator? What's the risk ?

BK> I specified the security requirement of not allowing a user to change their password more than once per day for an 
outsourcing project and I am being asked why. I could not remember my reasoning
BK> other than it's a requirement for microsoft security policies to ensure password history is enforced.  

BK> Thanks!

hi bob,

one of the reasons we did this, is that our policy says:
remember the last 3 password of this user and do not accept
passwords based on the last 3 used.
if the user can change his password whenever/how often 'HE/SHE' wants, he
could cycle through 3 passwords within 2 minutes and at the forth time use his old
password. and that's not wanted ;)

hth
basti


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------