Spartans6 meets the requirements for "complex" passwords on Windows, MSUNet,
and many, many other systems. 

> -----Original Message-----
> From: MSU Network Administrators Group 
> [mailto:[log in to unmask]] On Behalf Of Adam McDougall
> Sent: Wednesday, May 17, 2006 11:10 AM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Password Expiration Policies
> 
> On Wed, May 17, 2006 at 11:01:04AM -0400, Chris Wolf wrote:
> 
>   I agree with all of this, and would add one more supporting comment,
>   below.
>   
>   > The only scenario I can think of that expiring passwords
>   > would likely help prevent is someone within your organization
>   > using another individual's account to do naughtiness, say a
>   > student employee using a faculty's account to change grades
>   > for example.
>   
>   In many cases, password expiration won't even help prevent extended use
>   of a stolen account as its advocates claim.  Why?  Because many users who
>   are forced into frequent password changes develop very simple, obvious
>   patterns for cycling through passwords.  If I've been using a stolen
>   account whose password is Spartans6 and at my next surreptitious logon it
>   tells me the password is invalid, what would be the logical password for
>   me to try?  How much will you bet me that that obvious guess is going to
>   work?
> 
> The next password used ought to be aFh%uD)S or something 
> secure enough to meet stringent required complexity 
> requirements, right? :)  A user can't really be blamed for 
> choosing a weak password if the system allows them to do so. 
>
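
The point made in this thread, that a complexity rule accepts Spartans6 and that forced rotation invites a predictable successor, can be enforced against at password-change time. The following is an added example, not part of the original messages: the complexity rule is a simplified model of the Windows "must meet complexity requirements" setting (three of four character classes, minimum length assumed to be 6), the function names are hypothetical, and it assumes the change form has the old password in hand because the user has just typed it.

```python
import re

# Simplified model of a "three of four character classes" complexity rule.
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")

def meets_complexity(pw, min_len=6):
    hits = sum(1 for c in CLASSES if re.search(c, pw))
    return len(pw) >= min_len and hits >= 3

def stem(pw):
    """Lower-case the password and drop leading/trailing digits and symbols,
    leaving the part users tend to keep across forced changes."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_rotation_of(old, new, max_edits=2):
    """True when `new` is the old password with only a counter, suffix,
    prefix or a couple of characters changed."""
    s_old, s_new = stem(old), stem(new)
    if s_old and s_old == s_new:
        return True
    return edit_distance(old, new) <= max_edits

def check_change(old, new):
    """Decision for a password-change request."""
    if not meets_complexity(new):
        return "reject: complexity"
    if is_rotation_of(old, new):
        return "reject: too similar to previous password"
    return "accept"
```

The complexity check alone accepts both Spartans6 and any counter-bumped variant of it; only the comparison against the previous password catches the rotation pattern.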