That's a good practice if you can get the people to use things to jog their memory as to what their password is rather than writing the password itself, somewhat like what a lot of websites do, which is just a hint.

----- Original Message -----
From: [EMAIL PROTECTED] on behalf of Mathew Branyon
Sent: Wed, 2/14/2007 11:23am
To: general at brlug.net
Subject: Re: [brlug-general] Email passwords are.. special?

I am going to assume the position of a consultant (since that is my perspective). I think it depends on how secure your clients want to be. I have some clients that will actually change their passwords to their usernames. I know some that when I am working on their computer, and ask them to put in their passwords, they actually take the keyboard from me and put it in (which is the ideal practice). The people from the first group, if forced to adhere to a good standard of password strength, are generally the type to write it down on a sticky note.

I'd say yes, make the passwords separate. But you will get people asking you to reset passwords more often, or sticky notes with passwords everywhere too. But that completely depends on the client. In the case of the sticky note type people, there was an article about how to get these people to instate some sort of security on their sticky note (adding junk characters). While that is still not ideal, it's a step in the right direction.

--mat

Dustin Puryear wrote:
> So, there is always this conflict over whether accounts for email
> (POP3, IMAP) should be tied to your normal account. In most
> situations, companies are trying to consolidate accounts. And
> companies with directories (be it LDAP or AD) definitely see this
> trend continuing. Yet, there is the risk that a compromised email
> password will then compromise the network.
>
> Now, let's assume that the communication channel is encrypted with
> SSL. That should just be a given. But we still have the issue of
> people having passwords stored on their phones, laptops, home
> computers, etc., for their email. I know I've had several phones lost
> in the past few years. None had my network information, but that could
> have been there.
>
> What are your thoughts on whether email accounts should be separate
> from normal network accounts? Pros? Cons? Should companies just not
> allow external access to email via POP or IMAP and just require
> Webmail access so users have to manually enter passwords? Does that
> solve the real problem? I'm interested in hearing what everyone has to
> say.
>
> ---
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> http://www.puryear-it.com
>
> Author:
> "Best Practices for Managing Linux and UNIX Servers"
> "Spam Fighting and Email Security in the 21st Century"
>
> Download your free copies:
> http://www.puryear-it.com/publications.htm
>
> _______________________________________________
> General mailing list
> General at brlug.net
> http://mail.brlug.net/mailman/listinfo/general_brlug.net
