Re: No lockout policy... why not?
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Tue, 1 May 2007 12:50:14 -0700
Ian wrote:
> Does anyone know why SBS 2003 comes with no bad-password lockout
> policy by default?
>
> I would have thought this was one of the most fundamental
> good-security practices, especially for a system which is actually
> designed for external access. Without this, I would have thought that
> no matter how complex a password is, a 'bot can keep trying for days,
> weeks, months until it hits the right password.
>
> Yet, at the same time users are forced to set passwords of an insane
> complexity level, which will cause no end of trouble for unskilled
> small-business admins.
>
> The two policies just don't add up.

I for one agree with you and not only set one up custom for each client, I
add a monitoring alert for locked accounts and a bad password threshold
alert as well.
...just don't get too aggressive with the lockout thresholds, and be fairly
liberal with a lockout period and a reset policy.
--
/kj
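
The two alerts mentioned in the reply above (locked accounts and a bad-password threshold), sketched as an added example that is not part of the original post. It assumes the security log has been exported as "timestamp,event_id,account,source" lines; that export format, the sample data, and the threshold and window values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Server 2003 security-log event IDs (SBS 2003 runs on that platform).
BAD_PASSWORD = 529  # logon failure: unknown user name or bad password
LOCKED_OUT = 644    # user account locked out

THRESHOLD = 5                   # assumed alert setting, not from the post
WINDOW = timedelta(minutes=10)  # assumed alert setting, not from the post

# Constructed sample export: timestamp,event_id,account,source
SAMPLE = """\
2007-05-01 09:00:05,529,alice,10.0.0.21
2007-05-01 09:14:10,529,bob,203.0.113.7
2007-05-01 09:14:12,529,bob,203.0.113.7
2007-05-01 09:14:15,529,bob,203.0.113.7
2007-05-01 09:14:19,529,bob,203.0.113.7
2007-05-01 09:14:22,529,bob,203.0.113.7
2007-05-01 09:14:23,644,bob,SBS01
2007-05-01 09:30:00,529,carol,10.0.0.34
2007-05-01 10:10:00,529,carol,10.0.0.34
"""

def parse(text):
    """Yield (timestamp, event_id, account, source) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, account, source = line.strip().split(",")
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(event_id), account.lower(), source

def scan(text, threshold=THRESHOLD, window=WINDOW):
    """Return (lockouts, bursts): lockout events and threshold crossings."""
    recent = defaultdict(deque)  # account -> recent bad-password timestamps
    alerting = set()             # accounts already reported for this burst
    lockouts, bursts = [], []
    for ts, event_id, account, _source in sorted(parse(text)):
        if event_id == LOCKED_OUT:
            lockouts.append((ts, account))
        elif event_id == BAD_PASSWORD:
            q = recent[account]
            q.append(ts)
            while q[0] < ts - window:  # drop failures outside the window
                q.popleft()
            if len(q) < threshold:
                alerting.discard(account)
            elif account not in alerting:
                alerting.add(account)
                bursts.append((ts, account, len(q)))
    return lockouts, bursts
```

On the sample, a single mistyped password (alice) and widely spaced failures (carol) stay quiet, while the burst against bob is reported once and followed by its lockout event.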