Re: Impact of changing password policy
- From: "Hank Arnold" <rasilon@xxxxxxx>
- Date: Tue, 26 Jul 2005 04:37:27 -0400
Short answer is... No. You are making the passwords permanent. You will have
to manually expire their passwords to enforce the rule. If they decide to
change the password on their own, the 7 character limit will be imposed.
FWIW, I think this is a **VERY BAD** decision. Having non-expiring passwords
is a security hole the size of Lake Michigan. I know from experience the
grief people (and executives, especially) give you when they are forced to
change their passwords. My advice would be to lengthen the time. 42 days is
very short and would, I think, only be imposed in situations where security
is critical. How about making it every 90 days or even 180 days? *Any*
period is far, far better than none....
--
Regards,
Hank Arnold
"Jim Hatfield" <jim.hatfield@xxxxxxxxxxxx> wrote in message
news:7tn9e1908p3b1m2poaitpfesqd4r2jqro9@xxxxxxxxxx
> The current password policy on our Win2K setup requires
> passwords to be at least 6 characters and for them to be
> changed every 42 days. For various political reasons I want
> to remove the enforced change and compensate by increasing
> the minimum length to 7 characters.
>
> If I do this, will everyone be immediately forced to change
> their password, since their current 6-character password
> no longer meets the policy? (this would be a bad thing to
> happen...)
>
>
> --
> Jim Hatfield
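As the reply above says, the new minimum length is only applied when a password is next changed, so with expiry removed an administrator needs a list of accounts still carrying a password set under the old rule. The following is an added example, not part of either post: it assumes a CSV export of `sAMAccountName`, `pwdLastSet` and `userAccountControl`, and the sample rows and the policy change date are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002       # account is disabled
UAC_DONT_EXPIRE_PASSWD = 0x10000  # per-account "password never expires"

# Assumption: the date the 7-character minimum took effect (constructed).
POLICY_CHANGED = datetime(2005, 7, 26, tzinfo=timezone.utc)

# Constructed sample export; column layout is an assumption of this example.
SAMPLE_EXPORT = """sAMAccountName,pwdLastSet,userAccountControl
alice,127600000000000000,512
bob,127700000000000000,512
svc_backup,127600000000000000,66048
carol,0,512
dave,127600000000000000,514
"""


def filetime_to_datetime(value):
    """Convert 100-nanosecond ticks since 1601-01-01 UTC to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def accounts_predating_policy(export_text, policy_changed=POLICY_CHANGED):
    """Return (name, last_set, never_expires) for enabled accounts whose
    password was last set before the policy change."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        uac = int(row["userAccountControl"])
        ticks = int(row["pwdLastSet"])
        if uac & UAC_ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on
        if ticks == 0:
            continue  # 0 = must change at next logon, so the new rule will apply
        last_set = filetime_to_datetime(ticks)
        if last_set < policy_changed:
            findings.append((row["sAMAccountName"], last_set,
                             bool(uac & UAC_DONT_EXPIRE_PASSWD)))
    return sorted(findings, key=lambda f: f[1])  # oldest password first


if __name__ == "__main__":
    for name, last_set, never_expires in accounts_predating_policy(SAMPLE_EXPORT):
        note = " (never-expires flag set)" if never_expires else ""
        print(f"{name}: password last set {last_set:%Y-%m-%d}{note}")
```

Accounts on the resulting list are the ones that would need their passwords expired manually for the 7-character minimum to take effect.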