But how does password age help with your environment's security? (BTW, you can control recycling in a Windows environment through password history)
*ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Providing Competitive Advantage through Effective IT Leadership*

On Tue, Nov 3, 2009 at 3:13 PM, Jonathan Link <[email protected]> wrote:

> If all environments were equally secure, had the same level of IT controls,
> and I could ensure that my users don't recycle passwords from one
> environment to the next, then yes, I'm all for this. But, I can't control
> users or other environments, and the only tools I have (imperfect though
> they may be) are password complexity and password age. Password complexity
> is a necessity everywhere, if a user chooses to use it or not in
> environments which don't require it then, so be it, but in our environment I
> can ensure that. I can't control the recycling, so the only tool I have
> against that is the password age, which has another set of problems...
>
> -Jonathan
>
> On Mon, Nov 2, 2009 at 2:10 PM, Ben Scott <[email protected]> wrote:
>
>> On Mon, Nov 2, 2009 at 9:38 AM, David Lum <[email protected]> wrote:
>> > Thoughts, comments? Oh and do read the comments.
>>
>> I've sometimes wondered if we wouldn't be better off enforcing (1) a
>> very long minimum password length and (2) complexity checking that
>> only filters stupid sequences. Thus, encouraging users to use
>> non-trivial passphrases rather than passwords.
>>
>>   Shook and Caesare sitting in a tree
>>
>> is going to be both hard to guess and easy to remember, while
>>
>>   S5p$3xQ!
>>
>> is only hard to guess, and thus much more likely to be on a Post-It note.
>>
>> -- Ben
