Managing Managers

Career Development
Hi People, I sent the email below and receieved this response re: password renewal...and was wondering what your response would be? I was just going to tell him its a default Windows setting although he's probably smarter than that, I believe password security is important and that the below really isn't too hard to ask. MANAGER: why do u guys make this so hard even the banks don't have this level of requirement try and think about your users..... MY EMAIL: Hi All, With our current password period expiring soon we are required to change our windows logon password... I've noticed there are a few people who are having difficulty. Passwords must meet the following requirements: Have atleast 8 characters; Has not been used in the previous 10 passwords; Does not contain your account or full name; Contains at least three (3) of the following four character groups: English uppercase characters (A through Z); English lowercase characters (a through z); Numerals (0 through 9); Non-alphabetic characters (such as !, $, #, %) ________________________________________________________________ Good Password Examples: Office23$ - (9 chars - 1 Capital - 2 Numerals - 1 Non alphabetic character) 42Smile^_^ - (10 chars - 1 Capital - 2 Numerals - 3 Non alphabetic characters) ________________________________________________________________ If you need any help changing your password contact the helpdesk Cheers,

Answer Wiki

Thanks. We'll let you know when a new response is added.

I would forward the email to my manager and let management respond appropriately. I would not respond to the email unless my management gave the okay. It is important you stay out of these potential conflicts. Managers react to their peers or higher much differently than to others. By the way, I have worked in many industries including banking. The security is more stringent,e.g. password must contain at least one number, consecutive letters and numbers are not permitted, your name cannot be used, last ten passwords cannot be used, and crypted user ids (no ‘bsmith’ or ‘morgant’ but ‘atazv4k’). You can program these rules into the security schemes according your company’s policy so the system validates the entries. At one job, I had to block using specific country or city names because I discovered our Japanese management used their location city-country names for passwords. There was repetitive examples when ‘tokyojapan’ and ‘losangeles’ were the passwords.

Good luck.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • AmyKucharik
    Hi Ladrick, Your password requirements don't seem out of the ordinary to me. Maybe you could provide some examples to help less imaginative users come up with strong -- but easily remembered -- passwords. A good tip on this topic is published on "Reduce resistance to creating strong computer passwords",289483,sid45_gci1220367,00.html Perhaps you'll find some advice there to share with your users. Good luck!
    940 pointsBadges:
  • Themobileone
    Hi, Just some remarks from my side. I have been in both general management and support management. This is probably the reason I see both sides here. First: I think that just reading the explanation of how a user should make his new Password tells us that they realy want to make sure that the password won't be easy to be figured out by someone (good). But the is for a user as difficuld to make as it is to remember it. This will introduce a side effect (Users will have to write down the password, to be able to remember it). We have done an investigation in a major Police headoffice. Under 70% of the keyboards, behind whiteboards and in desk drawers, we could find the (difficult) passwords. This was a huge security leak. Conclusion: Passwords should be kept in such a format that people can remember them (not only wizzkids) Second: I think that communication about your point of vieuw is possible. But just do it on a respectfull way. In this case you could have said that the password is in line with standards. That you understand that this makes live not always easy. But that the mechanism is made to increase the security of the usage of the system. I think that a manager can respect that. success Hans
    0 pointsBadges:
    If all else fails, and you work in a shop that deals with MasterCard, I believe they have a minimum set of guidelines for password expiration, and strength. If you don't feel there's any more convincing arguement you can make, you can blame MasterCard (It made a great excuse to clean up security on our warehousing system a few while back. Even though our warehouse didn't fall under the required category, there was no reason not to let management believe it did.)
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: