At the last place I was at, a p .r. firm, an outside "computer expert group" recommended that we set everyone's password to password. I couldn't stop laughing, but the operating v.p. wasn't laughing, I recall. There are large groups of companies who do this, apparently. I left soon, for other reasons, don't know what they did...
Here at the Museum, when I showed up, seven years ago, everyone's password was password. When I set them up with OWA, I made them all adopt a password. Many complained. Our outside auditing firm made me give passwords a 50-day life. I also added the three-of-four rule, they liked that. Changing passwords each day would be a bit much for these folks. But I know three people (one is my neighbor) who have one-minute-password key chains, so... From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, April 28, 2009 11:54 AM To: NT System Admin Issues Subject: RE: Password Policy - - how do you handle this? I do it, and it 1) doesn't create heartburn for our folks and 2) it does prompt my folks for the reset pwd upon next logon. Sean Rector, MCSE From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Tuesday, April 28, 2009 11:40 AM To: NT System Admin Issues Subject: Password Policy - - how do you handle this? The security guy is insisting that we set the Min Password Age to 1 day. I agree in theory that this is a swell idea, but in practice, I think it will be a disaster. We have users that forget their passwords every other day (Don't ask) and company politics that are going to let this bad habit continue. Admins reset the password, and set the flag that says "Must change password on next logon" I say, that the user will never get prompted to reset the next time they login, or that changing it will fail, because the password is now less than one day old. Security guy says "Not having that set is a bad idea, other companies do it, make it happen" How do you guys deal with this? Thanks Jeremy Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org <mailto:sean.rec...@vaopera.org> Phone: (757) 213-4548 (direct line) {+} Virginia Opera's 35th Anniversary Season <http://www.vaopera.org> The One You Love Celebrate with a 2009-2010 Subscription: La Bohème <http://www.vaopera.org/html/currentoperas/opera1.cfm> , The Daughter of the Regiment <http://www.vaopera.org/html/currentoperas/opera2.cfm> , Don Giovanni <http://www.vaopera.org/html/currentoperas/opera3.cfm> and Porgy and BessSM <http://www.vaopera.org/html/currentoperas/opera4.cfm> Visit us online at www.vaopera.org <http://www.vaopera.org> or call 1-866-OPERA-VA ________________________________ This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~