Ted MacNEIL wrote:
BTW: I changed 3 strikes rule to 5 strikes and number of password reset
issues was reduced over half (less than 50% left).
We have no control of 'N'.
Our security department picked three.
Some auditors told me that it should be 3. I always asked why - "because
it should be 3. Everywhere is 3". My answer: "here is 5, si it invalid
number? It's not true about everywhere, because in many places it's
infinity".
I also discussed it on RACF-L.
The only reasonable answer I've got is it came from baseball rule:
"three strikes and you're out".
Maybe the rule sounds different I have no idea about baseball rules. I'm
not sure if there are any. <g>
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
