Wow, so your users have to cycle through 24 passwords to get back to
the one they like. Do you prohibit rapid successive password
changes, or can they sit down and just make 24 changes in a row to
get back to their favored password (I have heard of users doing this)?
Do users know that you remember only 24 past passwords, so they can
plan this bit of subterfuge? How many of them simply increment a
number in their password, e.g., password--01, password--02, ...,
password--24, password--01? I might do that myself under those circumstances.
Glad to see no one imposes a maximum length, I hear that spells trouble.
-- dkm
At 9/28/2012 12:02 PM Friday, Cooke, Tony wrote:
>Passwords Remembered: 24
>Max Age: 365
>Min Age: 0
>Min Length: 12
>Complexity: Yes
>
>Tony Cooke
>The Eli Broad College of Business
>Michigan State University
><mailto:[log in to unmask]>[log in to unmask]
>517.884.1592
>
>
>
>From: Walters, Mike [mailto:[log in to unmask]]
>Sent: Friday, September 28, 2012 11:46 AM
>To: [log in to unmask]
>Subject: [MSUNAG] FW: AD Domain Password Policy
>
>For those running MS AD, I was wondering what you are doing for your
>end user password policy.
>
>Example:
>
>Passwords Remembered: 5
>Max Age: 90
>Min Age: 1
>Min Length: 8
>Complexity: Yes
>
>Thanks!
>
>Mike Walters, MCSA
>Network Services Manager
>ANR Technology Services
>Michigan State University
>446. W. Circle Dr
>Rm 221, Agriculture Hall
>East Lansing, Michigan 48824
>ph. 517.353.4890 x172
><mailto:[log in to unmask]>[log in to unmask]
|