Home page logo
/

basics logo Security Basics mailing list archives

Re: passwords
From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 18 Feb 2003 12:14:02 -0800

From: "ullmic6" <ullmic6 () web de>
one of the favorite subjects in my company seems to be the strength of
passwords. We force our users to change their mail password every 90
days.  Does this make sense? Why?

Well here's my take on the subject:

1) The entire purpose of passwords is to make your network secure by providing a simple means of authentication. 2) The duration of a password should be set in such a way that it's very difficult to crack it before it's been changed. There are two ways to accomplish this, increased complexity or decreased duration. 3) The problem is that if you make the complexity too high or the duration too low, users will defeat your technology with sticky notes and the like, so it's necessary to strike a balance between security and annoyance. You want the strongest passwords for the shortest time that people won't try to circumvent. Generally this means a medium to strong password for 3-6 months.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Quick, easy, or cheap; pick any two."

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]