Well here's my take on the subject:From: "ullmic6" <[EMAIL PROTECTED]> one of the favorite subjects in my company seems to be the strength of passwords. We force our users to change their mail password every 90 days. Does this make sense? Why?
1) The entire purpose of passwords is to make your network secure by providing a simple means of authentication.
2) The duration of a password should be set in such a way that it's very difficult to crack it before it's been changed. There are two ways to accomplish this, increased complexity or decreased duration.
3) The problem is that if you make the complexity too high or the duration too low, users will defeat your technology with sticky notes and the like, so it's necessary to strike a balance between security and annoyance. You want the strongest passwords for the shortest time that people won't try to circumvent. Generally this means a medium to strong password for 3-6 months.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Quick, easy, or cheap; pick any two."
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
