On 20/08/2011 11:40 AM, Le_Forgeron wrote:
> Have a small black book with the passwords, one page per system.
> For the changing systems, using a rotation of 3 entries should do it
> (they are weak, badly managed... they usually check only against the
> previous one; I only once encountered a really painful one which stored
> the last 10)
Our network stores the last 12 passwords. Stupidly, it enforces a
*minimum* password age of 1 day. So, like, if your password is
compromised the day you change it, you cannot change it until tomorrow. WTF?

The idea, of course, is that you can't enter 12 passwords and then go
back to your original password. As if *anybody* dumb enough to work here
would realise they could do that.

What it /does/ mean is that if I reset somebody's password, I can't
reset it, let them log back in, and then have them change it again. They
have to wait until tomorrow (by which time they WILL have forgotten). So
they end up with a weak password for a month. (Or I reset the password
to something strong, and they whine at me for a month.)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*