On 4/26/2007 Michael Monnerie ([EMAIL PROTECTED]) wrote:
> On Tuesday, 24 April 2007 16:00 Charles Marcus wrote:
> > I force my users to use strong passwords - 15 characters, no
> > dictionary words, must contain letters, numbers and special
> > characters (at least 4)... they yelled - for about 5 minutes, then
> > just accepted it.
>
> And I guess since then there's a lot of Post-Its to be found beneath
> the keyboards, right?

Nope. I configure TBird to remember the password on our computers in-house.
When a password change occurs, I have some templates that make it easy
for me to print Remote connection instructions, with passwords, on a
little card that is then laminated.
For security purposes, there is a standard method of altering the
printed password that everyone is told about verbally. It is easy to
remember, so no need to write it down, but this way if the card is
lost/stolen, the account is not automatically compromised - but, of
course, users are instructed to report such an event immediately and the
password is changed anyway.

> I also always set per default strong passwords, only to find that
> people change them to something like "abcd" immediately.

I don't allow users to change their passwords, but you could always use
cracklib or something like that to prevent them from using weak
passwords. I considered doing this when I first set this up, but what I
have been doing has worked very well, so most likely won't.
It is more work for me, admittedly, but I sleep much better at night. ;)

> If you force complicated pwds, people write them up somewhere, which
> doesn't really improve security.

As I said - they don't need to remember it here in the office, where 98%
of the access occurs, so no need to have it on a post-it.
For access outside the office, I have instructions for downloading and
setting up Thunderbird, and then they can use the laminated card I give
them that has their account instructions. Having this card in their
wallet/purse also makes it very easy to access webmail, and the added
security of altering the password that is actually printed on the card
is enough for me.
--
Best regards,
Charles
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
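
Added example, not part of the original thread and not cracklib itself: a small self-contained checker for the policy described above (15 characters, letters, numbers, special characters, no dictionary words), the kind of gate one would put in front of a password change. It assumes "(at least 4)" means four special characters and that 15 is a minimum length; the wordlist and all function names are constructed for illustration.

```python
import string

# Constructed stand-in wordlist; a real deployment would load a full
# dictionary (for example the word files cracklib is built from).
SAMPLE_WORDS = {"password", "dragon", "welcome", "summer", "monkey", "letmein"}

# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 15    # assumption: "15 characters" is a minimum
MIN_SPECIAL = 4    # assumption: "(at least 4)" refers to special characters
MIN_WORD_LEN = 4   # skip very short dictionary words to limit false hits


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Return dictionary words contained in the password, as typed or
    after undoing the substitutions in LEET."""
    lowered = password.lower()
    variants = {lowered, lowered.translate(LEET)}
    return sorted(w for w in words
                  if len(w) >= MIN_WORD_LEN and any(w in v for v in variants))


def policy_violations(password, words=SAMPLE_WORDS):
    """Return the reasons a password fails the policy; empty list = pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    specials = sum(1 for c in password if c in string.punctuation)
    if specials < MIN_SPECIAL:
        problems.append(f"fewer than {MIN_SPECIAL} special characters")
    hits = dictionary_hits(password, words)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, including the "abcd" case from the thread.
    for candidate in ["abcd", "P@$$w0rd!2007#ok", "t7#Kq9!vR2$mX4&z"]:
        print(candidate, "->", policy_violations(candidate) or "OK")
```

The second sample passes every length and character-class rule and is still rejected, because undoing the substitutions exposes a dictionary word; that is the case a character-class rule alone misses.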