I was only thinking about the standard user base, but I think I agree. Elucidate your thoughts? *Every* employee termination, or only upon termination where the employee/manager had access to privileged accounts?
I assume that you're thinking about rainbow tables and pass-the-hash attacks. On Wed, Mar 4, 2009 at 12:29, Michael B. Smith <[email protected]> wrote: > I think that's fine as long as you change the passwords on any > higher-privilege accounts upon every employee termination, managerial change, > or every two weeks and review the need-to-know of those passwords on a > regular basis. > > I am one of a relatively small (but growing) contingent who believes that any > higher-privilege account (including service account) should be changed far > more frequently than a low-privilege/normal-user account. > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Wednesday, March 04, 2009 2:49 PM > To: NT System Admin Issues > Subject: Re: Password Policy Change > > If the account was created more than 60 days ago, setting this policy > will force a password change at next logon. > > If the account was created less than 60 days ago, setting this policy > will force a password change when the account reaches 60 days. > > FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce > a very long password (greater than 16 characters) and force the > password change at 180 or 365 days. This is spite of rainbow tables > and pass-the-hash attacks. > > Kurt > > On Wed, Mar 4, 2009 at 07:51, John Hornbuckle > <[email protected]> wrote: >> Right now, our users' passwords don't expire. We're looking at changing that. >> >> My question is this... If I decide to enable password expiration, how is the >> expiration date calculated for my users? >> >> Let's say that today I set passwords to expire every 60 days. Will all >> current users' passwords expire 60 days from today? Or will all current >> users' passwords expire today, if those passwords are 60 days or older? >> >> >> >> John Hornbuckle >> MIS Department >> Taylor County School District >> 318 North Clark Street >> Perry, FL 32347 >> >> www.taylor.k12.fl.us >> >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
