  Re: Encrypted storage  
From: Warp
Date: 20 Aug 2011 07:03:36
Message: <4e4f9488@news.povray.org>
Orchid XP v8 <voi### [at] devnull> wrote:
> Our network stores the last 12 passwords. Stupidly, it enforces a 
> *minimum* password age of 1 day. So, like, if your password is 
> compromised the day you change it, you cannot change it until tomorrow. WTF?

> The idea, of course, is that you can't enter 12 passwords and then go 
> back to your original password. As if *anybody* dumb enough to work here 
> would realise they could do that.

  The solution to both problems is really obvious: Make the waiting time
progressive rather than fixed. In other words, you can change your password
a second time immediately, but the third time requires something like a
minute before you can do it, the fourth time 5 minutes, and so on, until
the 12th time requires a few days or whatever.

  This both prevents potential abuse *and* allows you to immediately change
your password again for whatever reason (e.g. because it was reset or
because it was compromised or whatever).

  Why don't developers understand trivial solutions like this?

-- 
                                                          - Warp
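
One way to implement the progressive waiting time described in the post above, as an added example that is not part of the original message. The delay schedule, the 14-day window and all function names are assumptions chosen to follow the "immediately, a minute, 5 minutes, ... a few days" progression.

```python
from datetime import datetime, timedelta

# Assumed schedule: DELAYS[n] is the wait required after the most recent
# change when n changes already fall inside the window. The second change
# is immediate, the third needs 1 minute, the twelfth needs 3 days.
DELAYS = [timedelta(0), timedelta(0), timedelta(minutes=1),
          timedelta(minutes=5), timedelta(minutes=15), timedelta(hours=1),
          timedelta(hours=4), timedelta(hours=12), timedelta(days=1),
          timedelta(days=2), timedelta(days=3), timedelta(days=3)]
WINDOW = timedelta(days=14)  # assumed: older changes no longer count


def next_allowed(history, now):
    """Earliest time the next password change is permitted."""
    recent = sorted(t for t in history if now - t <= WINDOW)
    if not recent:
        return now
    delay = DELAYS[min(len(recent), len(DELAYS) - 1)]
    return recent[-1] + delay


def try_change(history, now):
    """Record a change if permitted; return (accepted, earliest_allowed)."""
    allowed_at = next_allowed(history, now)
    if now < allowed_at:
        return False, allowed_at
    history.append(now)
    return True, allowed_at


def time_to_cycle(n_changes, start):
    """Minimum elapsed time to perform n_changes back to back."""
    history, now = [], start
    for _ in range(n_changes):
        now = max(now, next_allowed(history, now))
        history.append(now)
    return now - start


if __name__ == "__main__":
    t0 = datetime(2011, 8, 20, 7, 0)  # constructed sample timestamp
    # 12 remembered passwords plus the change back to the original one.
    print("13 changes take at least", time_to_cycle(13, t0))
```

With this schedule a reset or compromised password can be replaced again at once, while flushing a 12-entry history and returning to the old password takes more than 12 days.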

