------------------------<snip>---------------------------
Good points. Note, however, that there's a difference between requiring
mixed-case passwords and having overly strict password rules. A rule
requiring 8-character passwords, with at least one upper case alpha, one
lower case alpha, and one numeric is not overly strict, and can be met
easily by the users.
-------------------------<unsnip>-----------------------
That's true, Walt. But how do you prevent the user from burying his id,
or an anagram of it, in the password without using an exit? We found
that to be the most prevalent security-related issue when we had to
grant acces to non-DP oriented users, like the traders on the floor at
the Chicago Board of Trade.
(Forcing regular password changes was a whole other issue. <G>)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html