therning.org/ magnus

Here’s a sure-fire way to make sure users choose bad passwords:

• Force passwords to have a minimum length.
• Come up with some arbitrary rules regarding “complexity” of the password. E.g. that it contains at least one upper-case character and one digit.
• Keep a history of passwords. Make it huge, say at least 20.
• Force users to change passwords every 3 months.
• Prevent users from changing passwords for a number of days after a change. 5 days is good, it translates to a full week in most cases, plenty of time for the user to forget the password.
• Make sure that you hire only lazy people for the corporate helpdesk. “Lazy” in this case means that they invariably choose passwords like Acme123ⁱ when your users call in saying that they’ve forgotten the password they chose yesterday.
• Layer this on top of a centralised user database like ActiveDirectory to make it really difficult for your lazy helpdesk personnel to temporarily change the no-change-in-5-days rule for a specific user.

Close this Window Bookmark and Share This Page

Save to Browser Favorites / Bookmarks

Ask backflip blinklist BlogBookmark Bloglines BlogMarks Blogsvine BuddyMarks BUMPzee! CiteULike co.mments Connotea

del.icio.us Digg diigo DotNetKicks DropJack dzone Facebook Fark Faves Feed Me Links Friendsite folkd.com

Furl Google Hugg Jeqq Kaboodle kirtsy linkaGoGo LinksMarker Ma.gnolia Mister Wong Mixx MySpace

MyWeb Netvouz Newsvine oneview OnlyWire PlugIM Propeller Reddit Rojo Segnalo Shoutwire Simpy

Slashdot Sphere Sphinn Spurl Squidoo StumbleUpon Technorati ThisNext Webride Windows Live Yahoo!

Email This to a Friend

Copy HTML: 

 If you like this then please subscribe to the RSS Feed.

Powered by Bookmarkify™

More »

1. Change Acme to whatever company you work for.[back]