From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 18 Feb 2003 12:14:02 -0800
From: "ullmic6" <ullmic6 () web de>
One of the favorite subjects in my company seems to be the strength of
passwords. We force our users to change their mail password every 90
days. Does this make sense? Why?
Well, here's my take on the subject:
1) The entire purpose of passwords is to make your network secure by
providing a simple means of authentication.
2) The duration of a password should be set in such a way that it's very
difficult to crack it before it's been changed. There are two ways to
accomplish this: increased complexity or decreased duration.
3) The problem is that if you make the complexity too high or the duration
too low, users will defeat your technology with sticky notes and the like,
so it's necessary to strike a balance between security and annoyance. You
want the strongest passwords for the shortest time that people won't try to
circumvent. Generally this means a medium to strong password for 3-6
compjma () hotmail com
"Quick, easy, or cheap; pick any two."