Yep, I find myself in a similar circumstance: password length/complexity vs. having users forget them or write them down, which leads to the good old Social Engineering attacks and so forth.

Z

-----Original Message-----
From: Kurt Buff [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 27, 2007 11:22 AM
To: NT System Admin Issues
Subject: Re: Audit recommendation

On 12/27/07, Ziots, Edward <[EMAIL PROTECTED]> wrote:
> Kurt,
>
> I don't know if you are being serious on this or not, but I am sure you are
> going to run into a boatload of issues with trying to implement that type of
> standard.

Yes - there are always cultural issues surrounding this. However, there are ways to manage that. For instance, I've heard of one small company that makes it a company-wide event - password changing day.

> Passwords anymore are passé, it's the weakest form of authentication and
> easiest to crack. Honestly, if you want to increase the level of security at
> your company I would be looking into 2-factor authentication systems like
> smart-cards proximity cards or otherwise.

In theory, I agree. However, the front-end costs are not small, and it's unlikely, at least in my company, that I could sell it. Far easier to sell long passwords.

Kurt
