On 01/31/2017 11:30 AM, Grant NAPC wrote:
I think it's better to train them how to create those passwords on
their own and then require them to change them so that should they
reuse them elsewhere then they are only a concern for 90 days or whatever.
I am not saying that forcing a password on users is good--I am undecided...
The problem with rotating passwords is how in hell to manage them. Once
upon a time, when hardly anyone had a password and those who did had but
a single password, it was easy. But now there are a lot.
As a practical matter, how do you expect users to know their new
password if you make them change it every few weeks? Serious question.
-kb
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
