On 01/31/2017 01:56 PM, Kent Borg wrote:
> On 01/31/2017 11:30 AM, Grant NAPC wrote:
>> I think it's better to train them how to create those passwords on
>> their own and then require them to change them so that should they
>> reuse them elsewhere then they are only a concern for 90 days or
>> whatever.
>
> I am not saying that forcing a password on users is good--I am
> undecided...
>
> The problem with rotating passwords is how in hell to manage them.
> Once upon a time, when hardly anyone had a password and those who did
> had but a single password, it was easy. But now there are a lot.
>
> As a practical matter, how do you expect users to know their new
> password if you make them change it every few weeks? Serious question.

Most businesses force password changes on their employees periodically,
usually every 90 days. They also force standards like 8 characters, at
least 1 lower and upper case and 1 number. I personally use LastPass to
generate my random passwords with 12 characters. I personally prefer
using RSA keys.
--
Jerry Feldman <[email protected]>
Boston Linux and Unix http://www.blu.org
PGP key id:B7F14F2F
PGP Key fingerprint: D937 A424 4836 E052 2E1B 8DC6 24D7 000F B7F1 4F2F