Middle ground password security policies

Tags: Password policies, Security, Security management, Security policies, Windows Security
What password policies are the best without going crazy? We want security but changing passwords 2 times a month is too much. What is a healthy middle ground between security and convenience?

Answer Wiki


Stringent password policies are often in place for show… to
demonstrate that security is taken seriously. However, I think people
set themselves, their users, and their business up for failure when
their password security policies are too stringent. It’s really that
simple.

I can’t think of a compelling reason to not permit password
changes every 6-12 months or so. As long as the passwords (ideally
passphrases) are strong and easy to remember, yet very difficult to
crack and there’s no reason to suspect any password cracking or
account tampering via your system monitoring processes, then this
approach to passwords should suffice in the majority of situations.

The problem is strong passphrases are often not required
or, if they are, it’s for domain accounts only. All those other
accounts for databases, web apps, mobile devices, routers, firewalls and
the like are the ones that create the real business risks.

A common sense approach is the best approach – just make sure you’re
covering all your bases. I’ve written a fair amount on password
management, oversights, and related goofiness, and if you want to learn
more you can link to that content here:
www.principlelogic.com/passwords.html

Discuss This Question: 1  Reply

 
  • jinteik
    If, let's say, Windows, you can set it to change once a month or let it be the default of 42 days and force the user to change after that...