nanog mailing list archives

Re: AD and enforced password policies


From: Jared Mauch <jared () puck nether net>
Date: Tue, 3 Jan 2012 09:22:31 -0500


On Jan 2, 2012, at 8:45 PM, Steven Bellovin wrote:

     Minimum Length : 8
     Maximum Length : 12
     Maximum Repeated Characters : 2
     Minimum Alphabetic Characters Required : 1
     Minimum Numeric Characters Required : 1
     Starts with a Numeric Character
     No User Name
     No past passwords
     At least one character must be ~!@#$%^&*()-_+\verb!+={}[]\|;:/?.,<>"'`!

One site I saw would break when you exceeded the maximum length but silently accept it.  Making the users jump through 
sufficient hoops to generate a password and keep it for the sake of "security" only serves to weaken the resolve of 
users and complexity of passwords used.

Dare I say, if a password system is too cumbersome I may reject them as an employer at some point out of frustration, 
or just call the help desk daily to reset the password.

Back to the OP's question.  I've used the Quest system as a user and found it useful.  Having this outside any VPN for 
your remote users is very helpful.

- Jared
