Password policies that aren’t too crazy but effective

Tags:
Open IT Forum
Password management
Password policies
Security management
Security policies
What password policies are the best without going crazy? We want security but changing passwords 2 times a month is too much. What is a healthy middle ground between security and convenience?

Answer Wiki


I am used to either a 60 or 90 change period of time.
Also, if people have multiple places where they need a password, they should only have to change it in place and then have that change cascade down to the other locations.

Discuss This Question: 6  Replies

 
  • Mariodlg
    1. Require changing password at least once a month. 2. Require letters and numbers. 3. Not too similar to the username. 4. Not use a dictionary word. 5. Not too short. 6. Not equal to the 6 previous passwords.
  • Yorkshireman
    What are you securing? 1 system - many? financial data? - value? text of obscure novels - not valuable? what hardware? - built in likelihood for hacking - Windows harder to hack - Linux impossible to hack - IBM i Inside a firewall and DMZ? on the internet? Consider the relative risks and how much aggravation you or the users should endure. If you are reliant on a password, make it long, so a user can make a sentence a password. "My monkey is 83 and knitted" is memorable, so not written down. Systems which keep simple files of passwords are vulnerable if bad people can get the file and attack it to decode. If all they can do is get to a sign on and attempt multiple passwords, have the system close down after 3 / 5 / 9 (pick a low number) wrong entries.
  • jinteik
    I use 42 days, but some other options are once a month or once every 2 months.
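
The composition, username-similarity, dictionary and history rules and the failed-login lockout suggested in the replies above, written as one checker. This is an added example, not code posted by any participant; the minimum length, similarity cut-off, word list and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from difflib import SequenceMatcher

MIN_LENGTH = 12         # assumption: the reply only says "not too short"
HISTORY_DEPTH = 6       # from the reply: differ from the 6 previous passwords
SIMILARITY_LIMIT = 0.6  # assumption: cut-off for "too similar to the username"
MAX_FAILURES = 5        # one of the 3 / 5 / 9 values suggested in the thread
WORDS = {"password", "welcome", "monkey", "dragon"}  # constructed stand-in word list

def _digest(password, salt):
    # History holds salted PBKDF2 digests, never the old passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password):
    """Record an accepted password and keep only the last HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]

def violations(username, password, history):
    """Return the list of rules the candidate password breaks (empty = accepted)."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        found.append("needs letters and numbers")
    if password.lower() in WORDS:  # whole-password match only; passphrases pass
        found.append("dictionary word")
    u, p = username.lower(), password.lower()
    if u in p or SequenceMatcher(None, u, p).ratio() >= SIMILARITY_LIMIT:
        found.append("too similar to username")
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        found.append("reused")
    return found

def attempt(failures, user, success):
    """Count bad logins; once MAX_FAILURES is reached the account stays locked."""
    if failures.get(user, 0) >= MAX_FAILURES:
        return False
    failures[user] = 0 if success else failures.get(user, 0) + 1
    return success

if __name__ == "__main__":
    history = []
    print(violations("alice", "alice2024", history))
    print(violations("alice", "My monkey is 83 and knitted", history))
```
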