I think that's fine as long as you change the passwords on any higher-privilege accounts upon every employee termination, managerial change, or every two weeks and review the need-to-know of those passwords on a regular basis.
I am one of a relatively small (but growing) contingent who believes that any higher-privilege account (including service account) should be changed far more frequently than a low-privilege/normal-user account. -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Wednesday, March 04, 2009 2:49 PM To: NT System Admin Issues Subject: Re: Password Policy Change If the account was created more than 60 days ago, setting this policy will force a password change at next logon. If the account was created less than 60 days ago, setting this policy will force a password change when the account reaches 60 days. FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce a very long password (greater than 16 characters) and force the password change at 180 or 365 days. This is spite of rainbow tables and pass-the-hash attacks. Kurt On Wed, Mar 4, 2009 at 07:51, John Hornbuckle <[email protected]> wrote: > Right now, our users' passwords don't expire. We're looking at changing that. > > My question is this... If I decide to enable password expiration, how is the > expiration date calculated for my users? > > Let's say that today I set passwords to expire every 60 days. Will all > current users' passwords expire 60 days from today? Or will all current > users' passwords expire today, if those passwords are 60 days or older? > > > > John Hornbuckle > MIS Department > Taylor County School District > 318 North Clark Street > Perry, FL 32347 > > www.taylor.k12.fl.us > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
