On Fri, Jun 12, 2009 at 1:26 PM, Eric Smith <eric at brouhaha.com> wrote:
Daniel Seagraves wrote:
(In reality however, I am most likely giving up my password expiration
policy. The users are complaining to the owner about having to change their
password every 60 days, and the owner has told me if they continue to
complain the policy will be abolished
In my opinion, having a password expiration policy with such a short period
is counterproductive. It will cause the users to be more sloppy with their
passwords in various ways, including leaving the passwords written down in
places they can easily be found. It will also make users favor weaker, more
easily guessed passwords, even if the system sets minimum requirements;
users are more willing to memorize a stronger password if they're going to
use it for a fairly long time.
Eric
I have a number of passwords I use, but some of the systems at my
school have both very restrictive password requirements and a short
password expiration; as a result, many students have taken to just
sticking a number on the end of their passwords and incrementing it by
one each change.
John
--
"I've tried programming Ruby on Rails, following TechCrunch in my RSS
reader, and drinking absinthe. It doesn't work. I'm going back to C,
Hunter S. Thompson, and cheap whiskey." -- Ted Dziuba