Wednesday, 16 September 2009 09:29 am

(no subject)

deckardcanine: (Default)
[personal profile] deckardcanine
I thought it mildly annoying that my network password at work had to be eight characters long. I thought it fairly annoying that I had to pick new passwords every three months. I thought it moderately annoying that I could not reuse any of my previous 24 passwords.

The new password policy foisted without warning today is far worse. Depending which source you consult, the new minimum is either 14 or 15 characters. At least three of the following types of characters need to be used: capital letters, lowercase letters, numerals, and other characters including spaces. (The system would accept all lowercase letters before.) Emailed example: "This password is easy." Passwords will be changed every two months, with the above 24 rule still in place.

At least my timesheet password still follows the old rules. It's like the old network password, only it changes every six months.
  • Current Mood: disgruntled
Threaded | Top-Level Comments Only
Date: Wednesday, 16 September 2009 03:18 pm (UTC)

From: [identity profile] nefaria.livejournal.com
Studies show that requiring employees to frequently change their passwords does not significantly increase security. Requiring strong passwords is generally a positive, but making the passwords so complicated that they can't be remembered easily creates frequent password-reset calls, which completely negates the benefit (hackers just call in asking for a reset and get the new password that way).
Date: Wednesday, 16 September 2009 04:09 pm (UTC)

jamesb: (Technobabble)
From: [personal profile] jamesb
We had a 60 day max password system like that. If your Password expired on Friday and you created a new one then, on Monday you'd be calling IT to have your password reset because you'd have forgotten the one you created on Friday.

Our solution was to have a password that was actually two parts ... a prefix that had all the required fancy characters, with a 4 number suffix that was the month and year that the password was set.
Edited Date: Wednesday, 16 September 2009 04:10 pm (UTC)
Date: Wednesday, 16 September 2009 04:14 pm (UTC)

From: [identity profile] ccdesan.livejournal.com


As you can see, this problem has been around for a long time. There are far too many Mordacs out there...
Date: Wednesday, 16 September 2009 09:26 pm (UTC)

From: [identity profile] deckardcanine.livejournal.com
Six characters? Mordac's an amateur.
Date: Saturday, 19 September 2009 08:32 am (UTC)

carlfoxmarten: (Default)
From: [personal profile] carlfoxmarten
The major problem with long, frequently-changed passwords is you tend to forget them, so it becomes common to write it down, making an even worse mess of security...
(unless you happen to figure out a method for generating passwords based on the current month and year mentally)
Threaded | Top-Level Comments Only

Profile

deckardcanine: (Default)
Stephen Gilberg

February 2026

S M T W T F S
1 234567
891011121314
15161718192021
22232425262728

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Friday, 6 February 2026 05:37 am
Powered by Dreamwidth Studios