In additon to what other posters have said, I would suggest not doing your
passwords the same every time. You may need the user's password when you build
and configure the system, but once you hand over the system and account to the
user, you should change the password to something else that does not fit some
scheme.
Over time as people join your company and see what goes on, they can guess
passwords of other new users and possibly utilize that access. In fact, it only
takes one data set to guess your username/password scheme. For instance, if you
always do [initial][initial]123, I can guess every new user account you make,
especially if new employees are announced somewhere.
At least vary the last three digits every time, especially if your account
creation and hand-off to users is a manual process. If you have a password
complexity policy, not following your own policy will look bad to new
employees. Add a special character at the end. :)
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
