
Re: Password Security



On Thu, 27 Dec 2001, Mike Barton wrote:

> In addition to forced password changes, I'm looking for something to sit
> between the user and passwd to enforce variably strong passwords. Anyone
> have any favorite techniques/programs they'd care to share?

I have mixed feelings about forced password changes.  To me, a forced
password change causes me to lose some confidence in my admins.  Why?
It's basically telling your users you have no real intrusion detection
method, and to make up for it, you're forcing users to change passwords
(which is bad, 80% of lusers when forced just change between their name
and "password" or make up something and put it on a sticky note on their
monitor).

My suggestion would be to assign everybody a random password and make
whatever facility the users will be using to change their password
difficult to use.  The stickies will eventually go away as they learn
their password.

-- 
Baloo


