password expiration policy (was Re: UNIX V7)
Eric Smith
eric at brouhaha.com
Fri Jun 12 15:26:46 CDT 2009
Daniel Seagraves wrote:
> (In reality however, I am most likely giving up my password expiration
> policy. The users are complaining to the owner about having to change
> their password every 60 days, and the owner has told me if they
> continue to complain the policy will be abolished
In my opinion, having a password expiration policy with such a short
period is counterproductive. It will cause the users to be more sloppy
with their passwords in various ways, including leaving the passwords
written down in places they can easily be found. It will also make
users favor weaker, more easily guessed passwords, even if the system
sets minimum requirements; users are more willing to memorize a stronger
password if they're going to use it for a fairly long time.
Eric
More information about the cctalk
mailing list