Rob Slade wrote:

> ...  But it also told me that "It is a security best practice 
> to have passwords expire every 30 to 90 days, depending on your environment. 
> This way, an attacker has a limited amount of time in which to crack a user's 
> password and have access to your network resources."
> 
> <<snip stuff I largely agree with>>
> 
> (But then, why *is* that the default, and why is it enabled by default? ...)

It's enabled by default because MS considers it best practice.

Why 42 though?

Probably because it is the whole-week value nearest to the mid-point of the 
"30 to 90 days" range MS believes is best for you.  (And "30 to 90 
days" itself is an approximation for "one to three months".)



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
