You don't, but users are too lazy to do that, normally - I except certain classes of users, such as engineers and tech writers, who are often OCD anyway.
They usually have the attention span of gnats, too, which is why a 24-hour waiting period to change passwords is just as important/effective. On Tue, Apr 28, 2009 at 20:59, Ken Schaefer <k...@adopenstatic.com> wrote: > How do you stop someone changing their password 5/10/20 times in a couple of > minutes, so as to get back to their "preferred" password? > > Cheers > Ken > > ________________________________ > From: Micheal Espinola Jr [michealespin...@gmail.com] > Sent: Wednesday, 29 April 2009 3:11 AM > To: NT System Admin Issues > Subject: Re: Password Policy - - how do you handle this? > > IMO the history is a lot more important than the min age. > > -- > ME2 > > > On Tue, Apr 28, 2009 at 12:14 PM, Louis, Joe <jlo...@guardianalarm.com> > wrote: >> >> Actually, it’s a good security. If used with history, a minimum age >> prevents users from changing passwords the history length to get their >> preferred password back. >> >> >> >> Ie. >> >> qwerty -> qwertu >> >> qwertu -> qwerty >> >> qwerty -> qwerto >> >> qwerto -> qwertp >> >> qwertp -> qwerty >> >> >> >> >> >> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] >> Sent: Tuesday, April 28, 2009 11:50 AM >> >> To: NT System Admin Issues >> Subject: Re: Password Policy - - how do you handle this? >> >> >> >> What is the theory behind this password age? >> >> >> >> Other people I know don't wash after visiting the restroom. Just because >> I know or work with them doesn't mean I'd ever shake their hand. >> >> -- >> ME2 >> >> On Tue, Apr 28, 2009 at 11:39 AM, Jeremy Anderson <jer...@mapiadmin.net> >> wrote: >> >> The security guy is insisting that we set the Min Password Age to 1 day. >> I agree in theory that this is a swell idea, but in practice, I think it >> will be a disaster. >> >> >> >> We have users that forget their passwords every other day (Don’t ask) and >> company politics that are going to let this bad habit continue. Admins >> reset the password, and set the flag that says “Must change password on next >> logon” >> >> >> >> I say, that the user will never get prompted to reset the next time they >> login, or that changing it will fail, because the password is now less than >> one day old. >> >> >> >> Security guy says “Not having that set is a bad idea, other companies do >> it, make it happen” >> >> >> >> How do you guys deal with this? >> >> >> >> Thanks >> >> Jeremy > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~