Spartans6 meets the requirements for "complex" passwords on Windows, MSUNet,
and many, many other systems.
> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of Adam McDougall
> Sent: Wednesday, May 17, 2006 11:10 AM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Password Expiration Policies
>
> On Wed, May 17, 2006 at 11:01:04AM -0400, Chris Wolf wrote:
>
> I agree with all of this, and would add one more supporting
> comment, below.
>
> > The only scenario I can think of that expiring passwords
> > would likely help prevent is someone within your organization
> > using another individuals account to do naughtiness, say a
> > student employee using a faculty's account to change grades
> > for example.
>
> In many cases, password expiration won't even help prevent
> extended use of a
> stolen account as its advocates claim. Why? Because many
> users who are
> forced into frequent password changes develop very simple,
> obvious patterns
> for cycling through passwords. If I've been using a stolen
> account whose
> password is Spartans6 and at my next surreptitious logon it
> tells me the
> password is invalid, what would be the logical password for
> me to try? How
> much will you bet me that that obvious guess is going to work?
>
> The next password used ought to be aFh%uD)S or something
> secure enough to meet stringent required complexity
> requirements, right? :) A user can't really be blamed for
> choosing a weak password if the system allows them to do so.
>
|