Again, how much risk are you mitigating in 30 days vs 60? (Or 15 vs 30-45?) Even a week of such access is far too long.
This problem is mitigated by properly off-boarding employees such that old accounts are disabled in a timely fashion, and tracking logon usage so that off-hours account usage of active accounts is noticed promptly. In this particular case, the technology makes the choice between option A and option B trivial, but that's not always true, and so we spend a great deal of time tackling items that add no measurable benefit. -ASB: http://XeeSM.com/AndrewBaker On Fri, Apr 16, 2010 at 2:33 PM, Charlie Kaiser <charl...@golden-eagle.org>wrote: > Not necessarily. In the case of a co-worker who logs on as another user > (using a stolen pw) for nefarious purposes, a more frequent pw change will > help. Sometimes the bad guy wants to log on as the other user... > > *********************** > Charlie Kaiser > charl...@golden-eagle.org > Kingman, AZ > *********************** > > > -----Original Message----- > > From: Andrew S. Baker [mailto:asbz...@gmail.com] > > Sent: Friday, April 16, 2010 10:05 AM > > To: NT System Admin Issues > > Subject: Re: please don't change your password! > > Almost every bad-guy is going to attempt to create a backdoor > > on the system such that the user credentials are no longer > > needed for access. > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~