nanog mailing list archives
Re: AD and enforced password policies
From: Jared Mauch <jared () puck nether net>
Date: Tue, 3 Jan 2012 09:22:31 -0500
On Jan 2, 2012, at 8:45 PM, Steven Bellovin wrote:
Minimum Length : 8 Maximum Length : 12 Maximum Repeated Characters : 2 Minimum Alphabetic Characters Required : 1 Minimum Numeric Characters Required : 1 Starts with a Numeric Character No User Name No past passwords At least one character must be ~!@#$%^&*()-_+\verb!+={}[]\|;:/?.,<>"'`!
One site I saw would break when you exceeded the maximum length but silently accept it. Making the users jump through sufficient hoops to generate a password and keep it for the sake of "security" only serve to weaken the resolve of users and complexity of passwords used. Dare I say, if a password system is too cumbersome I may reject them as an employer at some point out of frustration, or just call the help desk daily to reset the password. back to the OP question. I've used the Quest system as a user and found it useful. Having this outside any VPN for your remote users is very helpful. - Jared
Current thread:
- Re: AD and enforced password policies, (continued)
- Re: AD and enforced password policies Steven Bellovin (Jan 03)
- RE: AD and enforced password policies Jones, Barry (Jan 05)
- Re: AD and enforced password policies Gary Buhrmaster (Jan 03)
- Re: AD and enforced password policies Jimmy Hess (Jan 03)
- Re: AD and enforced password policies Måns Nilsson (Jan 04)
- Re: AD and enforced password policies Gary Buhrmaster (Jan 02)
- Re: AD and enforced password policies Steven Bellovin (Jan 02)
- Re: AD and enforced password policies Lyndon Nerenberg (Jan 02)
- Re: AD and enforced password policies Steven Bellovin (Jan 02)
- Re: AD and enforced password policies Jimmy Hess (Jan 02)
- Re: AD and enforced password policies Jared Mauch (Jan 03)