On the topic of secret question-based password reset, I will offer my article on password reset with Forefront Identity Manager:
http://zetetic.net/blog/2012/9/4/secure-active-directory-password-reset-with-fim-2010-r2.html

--Steve

On Wed, Sep 12, 2012 at 3:33 PM, Rankin, James R <[email protected]> wrote:
> I'd also pay attention to how good the "forgot password" controls are. For
> instance I choose a totally fictional name for anything that asks for my
> mother's maiden name, kids' names, pets' names, etc. It's also worth checking
> how intertwined various accounts are - anyone who hacked my Google account
> for instance would have the capacity to get into a lot of other things.
>
> ---Blackberried
>
> -----Original Message-----
> From: Kurt Buff <[email protected]>
> Date: Wed, 12 Sep 2012 11:44:50
> To: NT System Admin Issues<[email protected]>
> Reply-To: "NT System Admin Issues" <[email protected]>
> Subject: Re: Password policy question
>
> http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
> and
> http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/all
>
> Not primarily password related, but it illustrates that teh intarwebs
> isn't a friendly place, and that security can't be shucked off.
>
> On Wed, Sep 12, 2012 at 11:15 AM, Jonathan Link <[email protected]>
> wrote:
>> Introduce him to something like LastPass...
>>
>> And also point him to all the news articles for breaches, including the
>> latest one for LinkedIn (he's on it, right?).
>>
>>
>> On Wed, Sep 12, 2012 at 1:45 PM, Stefan Jafs <[email protected]> wrote:
>>>
>>> I told him the other day that I have about 15 - 20 different passwords
>>> that I remember on a daily basis, he did not think that was possible, I
>>> think it's very important not to have the same login and password for
>>> everything, actually a sales guy just had his LinkedIn, Yahoo accounts
>>> compromised and also his Aeroplan miles stolen.
>>> So I'm working on the President to add a few more variations on his
>>> password, we'll see. Anyhow for the rest of the company, I'm starting to
>>> enforce complex passwords.
>>>
>>> Stefan
>>>
>>> On Wed, Sep 12, 2012 at 1:26 PM, John Cook <[email protected]> wrote:
>>>>
>>>> Because no doubt he's the most careful employee when it comes to password
>>>> security :-)
>>>> John W. Cook
>>>> Network Operations Manager
>>>> Partnership for Strong Families
>>>>
>>>> From: Stefan Jafs [mailto:[email protected]]
>>>> Sent: Wednesday, September 12, 2012 01:16 PM
>>>> To: NT System Admin Issues <[email protected]>
>>>> Subject: Re: Password policy question
>>>>
>>>> Thanks Jonathan, just needed to confirm, the President does not want to
>>>> change his password, so I'll leave his as never expire.
>>>>
>>>> Stefan
>>>>
>>>> On Wed, Sep 12, 2012 at 11:26 AM, Jonathan Link <[email protected]>
>>>> wrote:
>>>>>
>>>>> That's correct, Never expire takes precedence.
>>>>>
>>>>> On Wed, Sep 12, 2012 at 10:16 AM, Stefan Jafs <[email protected]>
>>>>> wrote:
>>>>>>
>>>>>> Windows 2003 AD, if I turn on "Maximum password age" in GP but a user
>>>>>> has "Password never expire" set in Active Directory Users and Computers
>>>>>> I assume that it will not affect that user, am I correct in that
>>>>>> assumption?
>>>>>>
>>>>>> --
>>>>>> Stefan Jafs
>>>>>>
>>>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>>>>
>>>>>> ---
>>>>>> To manage subscriptions click here:
>>>>>> http://lyris.sunbelt-software.com/read/my_forums/
>>>>>> or send an email to [email protected]
>>>>>> with the body: unsubscribe ntsysadmin
>>>>
>>>> --
>>>> Stefan Jafs
>>>>
>>>> ________________________________
>>>>
>>>> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
>>>> attached to or with this Notice is intended only for the person or entity
>>>> to which it is addressed and may contain Protected Health Information
>>>> (PHI), confidential and/or privileged material. Any review, transmission,
>>>> dissemination, or other use of, and taking any action in reliance upon this
>>>> information by persons or entities other than the intended recipient
>>>> without the express written consent of the sender are prohibited. This
>>>> information may be protected by the Health Insurance Portability and
>>>> Accountability Act of 1996 (HIPAA), and other Federal and Florida laws.
>>>> Improper or unauthorized use or disclosure of this information could
>>>> result in civil and/or criminal penalties.
>>>> Consider the environment. Please don't print this e-mail unless you
>>>> really need to.
>>>
>>> --
>>> Stefan Jafs
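The precedence rule confirmed in the thread above ("Password never expires" wins over the Group Policy "Maximum password age"), as an added example that is not part of the original messages: a Python sketch that derives each account's effective expiry from the raw AD attributes userAccountControl, pwdLastSet and maxPwdAge, and lists the accounts the policy will not touch. The account names and attribute values are constructed sample data, not taken from the thread.

```python
from datetime import datetime, timedelta, timezone

UF_DONT_EXPIRE_PASSWD = 0x10000          # "Password never expires" checkbox in ADUC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NO_MAX_AGE = -0x8000000000000000         # maxPwdAge value meaning "no maximum age"

def dt_to_filetime(dt):
    """UTC datetime -> 100-ns intervals since 1601 (format of pwdLastSet)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10**7

def filetime_to_dt(ft):
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def password_expiry(uac, pwd_last_set, max_pwd_age):
    """Return (state, when); state is 'never', 'must-change' or 'expires'."""
    if uac & UF_DONT_EXPIRE_PASSWD:      # per-user flag is checked first,
        return ("never", None)           # so the domain maximum age is ignored
    if pwd_last_set == 0:                # "must change password at next logon"
        return ("must-change", None)
    if max_pwd_age in (0, NO_MAX_AGE):   # domain policy sets no maximum age
        return ("never", None)           # (0 handled defensively as well)
    # maxPwdAge is stored as a negative interval, so subtracting adds the age
    return ("expires", filetime_to_dt(pwd_last_set - max_pwd_age))

def exempt_accounts(accounts, max_pwd_age):
    """Names of accounts whose password will never expire under this policy."""
    return [a["sAMAccountName"] for a in accounts
            if password_expiry(a["userAccountControl"], a["pwdLastSet"],
                               max_pwd_age)[0] == "never"]

# Constructed sample data: a 42-day maximum age and three hypothetical users.
MAX_AGE_42_DAYS = -42 * 86400 * 10**7
SET_ON = dt_to_filetime(datetime(2012, 9, 1, tzinfo=timezone.utc))
SAMPLE = [
    {"sAMAccountName": "president", "userAccountControl": 0x10200, "pwdLastSet": SET_ON},
    {"sAMAccountName": "staff1",    "userAccountControl": 0x200,   "pwdLastSet": SET_ON},
    {"sAMAccountName": "newhire",   "userAccountControl": 0x200,   "pwdLastSet": 0},
]

if __name__ == "__main__":
    for acct in SAMPLE:
        state, when = password_expiry(acct["userAccountControl"],
                                      acct["pwdLastSet"], MAX_AGE_42_DAYS)
        print(acct["sAMAccountName"], state, when)
    print("exempt from rotation:", exempt_accounts(SAMPLE, MAX_AGE_42_DAYS))
```

Reviewing the exempt list periodically shows which accounts a newly enabled maximum age will silently skip.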
