I believe 'nightwatchman' hit all your foundational pwd policies. But
here are a few more to think about. Just fill in the ??? with whatever
suits your security policies. Keep in mind, the policy for normal user
accts should be different from generic/service accts.
Contain at least ??? numeric
Contain at least ??? non-numeric
Min length ???
Non-numeric in first/last position (if technically feasible)
Max consecutive identical char from any position in previous pwd ???
Max identical consecutive char ???
Contain User ID as part of pwd ???
Max change interval ??? days
Pwd expiration notification time ??? days
Number of pwd changes for which pwd cannot be reused ???
Sharing pwd ???
Non-expiring pwds ???
Pwd transmission ???
Pwd storage ???
Pwd expiration ???
Pwd filtering (if technically feasible)
Forced to change initial pwd at first logon and pwd must expire ???
hrs from date of issue
Have fun!
On 21 Apr 2006 18:13:45 -0000, nightwatchman@comcast.net
<nightwatchman@comcast.net> wrote:
Passwords should:
1.) change every 90 days
2.) contain atleast a combination of 3 classes of characters i.e. one or
more uppercase, lowercase, non alpha numeric, and numeric.
3.) not be the same as the person's name, address or birthday or easily
guessed from a person's personal information.
4.) not be written down.
5.) difficult to guess but easy to remember - phrases with substituted
character classes seem to be easy to remember and work best for this.
6.) should not be stored unencrypted
7.) centrally managed in an authentication system.
8.) they shouldnt be shared with other users.
Service accounts ofcourse aren't subject to the 90 day limit.
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
--
Alexander.Bolante@gmail.com
abolante.blogspot.com
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
