[geeks] Mandatory password changes
Sridhar Ayengar
ploopster at gmail.com
Mon Dec 11 07:54:11 CST 2006
Phil Stracchino wrote:
>>> I entirely agree. Require every employee in the company to change their
>>> password every 30 days, and one or more of three things will happen
>>> depending on which of the first two you prevent:
>>>
>>> 1. 90% of the passwords in the system will be "cat", "dog", or the
>>> ever-popular "GOD".
>>>
>>> 2. 90% of your employees will switch back and forth between the same
>>> two passwords at 30-day intervals.
>>>
>>> 3. 90% of your employees will have their current password written on a
>>> Post-It note on their monitor or, at best, in their desk drawer.
>> 4. Employees will cycle through a set of random passwords and use the
>> same password over and over again to get around restrictions on repeated
>> passwords.
>
> This is a superset of (2). But, yeah. And they'll probably be written
> down....
That's not what I meant. I've come across a whole lot of people who
will cycle through four passwords *immediately* so that they don't have to
switch passwords at all. I didn't mean that they cycle over the change
period.
Peace... Sridhar
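
The immediate cycling described in this message shows up in a password-change audit log as a burst of changes by one account within minutes. The following is an added example, not part of the original post, that flags such bursts; the log format, the event name `password_change`, and the thresholds (four changes within ten minutes) are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (assumed format: ISO timestamp, user, event).
SAMPLE_LOG = """\
2006-12-11T09:00:05 alice password_change
2006-12-11T09:00:40 alice password_change
2006-12-11T09:01:10 alice password_change
2006-12-11T09:01:45 alice password_change
2006-12-11T09:02:20 alice password_change
2006-11-10T08:30:00 bob password_change
2006-12-11T08:31:00 bob password_change
2006-12-11T10:00:00 carol login
2006-12-11T10:05:00 carol password_change
not a valid line
"""

def find_cycling_bursts(log_text, burst_size=4, window=timedelta(minutes=10)):
    """Return {user: (first_ts, last_ts, count)} for the largest burst of
    at least burst_size password changes that fits inside window."""
    changes = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        # Skip malformed lines and events other than password changes.
        if len(parts) != 3 or parts[2] != "password_change":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        changes[parts[1]].append(ts)

    flagged = {}
    for user, stamps in changes.items():
        stamps.sort()
        recent = deque()  # sliding window of this user's recent changes
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= burst_size:
                best = flagged.get(user)
                if best is None or len(recent) > best[2]:
                    flagged[user] = (recent[0], ts, len(recent))
    return flagged

if __name__ == "__main__":
    for user, (first, last, count) in find_cycling_bursts(SAMPLE_LOG).items():
        print(f"{user}: {count} password changes between {first} and {last}")
```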