Password Policy Considerations

Forcing frequent password changes. Yes, users should change their passwords. The older a password is, the more likely it will be compromised. On the other hand, requiring users to change their passwords too frequently has the same effect as assigning passwords to users – they end up writing them down! Three to six months is a reasonable password lifetime for most computing environments. Monthly or weekly changes are often excessive.

Overbearing complexity requirements. Users should not be required to remember a password containing three numbers, four uppercase letters, one lowercase letter, a punctuation character and two special symbols.

Unenforced complexity requirements. It’s great to come up with reasonable complexity guidelines and pass them along to end users, but they’re useless unless you enforce them for all users. Yes, even your highest-level executive should have a complex password. Use the technical controls within your network operating system to enforce these requirements enterprise-wide.
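
To check that the policy really applies to every account, the per-account settings can be audited for exemptions. The following is an added example, not code from the original article: the Account fields and the sample records are hypothetical and constructed, and the 90 and 180 day bounds are an assumed conversion of the three-to-six-month lifetime suggested above.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed day equivalents of the article's "three to six months" guidance.
MIN_LIFETIME_DAYS = 90
MAX_LIFETIME_DAYS = 180

@dataclass
class Account:
    # Hypothetical record layout; map it to whatever your directory exports.
    name: str
    max_password_age_days: Optional[int]  # None means the password never expires
    complexity_enforced: bool

def audit(accounts: List[Account]) -> Dict[str, List[str]]:
    """Return {account name: [findings]} for accounts that deviate from policy."""
    report: Dict[str, List[str]] = {}
    for acct in accounts:
        issues: List[str] = []
        if not acct.complexity_enforced:
            issues.append("complexity not enforced")
        age = acct.max_password_age_days
        if age is None:
            issues.append("password never expires")
        elif age < MIN_LIFETIME_DAYS:
            # Too-frequent changes push users toward writing passwords down.
            issues.append(f"lifetime {age}d is shorter than {MIN_LIFETIME_DAYS}d")
        elif age > MAX_LIFETIME_DAYS:
            issues.append(f"lifetime {age}d is longer than {MAX_LIFETIME_DAYS}d")
        if issues:
            report[acct.name] = issues
    return report

# Constructed sample data, including an exempted executive account.
SAMPLE_ACCOUNTS = [
    Account("jsmith", 120, True),
    Account("ceo", None, False),
    Account("helpdesk", 30, True),
    Account("contractor", 365, True),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {'; '.join(issues)}")
```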

Posted in IT Documents on Jun 30th, 2007, 1:14 pm by admin   

One Response

  1. July 6th, 2007 | 10:53 pm

    […] good friend, Scott Driza, from DocBuilder.com Incorporated recently wrote about password policy considerations.  I don’t know about you, but I can’t stand changing my passwords at work.  […]
