|
 |
On 20/08/2011 12:03 PM, Warp wrote:
> Orchid XP v8<voi### [at] dev null> wrote:
>> Our network stores the last 12 passwords. Stupidly, it enforces a
>> *minimum* password age of 1 day. So, like, if your password is
>> compromised the day you change it, you cannot change it until tomorrow. WTF?
>
>> The idea, of course, is that you can't enter 12 passwords and then go
>> back to your original password. As if *anybody* dumb enough to work here
>> would realise they could do that.
>
> The solution to both problems is really obvious: Make the waiting time
> progressive rather than fixed.
That would work.
> Why do not developers understand trivial solutions like this?
Myself I'd probably just follow the Keep It Simple principle; no minimum
password age at all. As I say, very few people are smart enough to
realise that the system can be abused this way. Heck, most people just
/assume/ that the system keeps all passwords forever. They don't know
that 12 is our magic number.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
