[Discuss] deadmanish login?
Kent Borg
kentborg at borg.org
Tue Jan 31 13:56:08 EST 2017
On 01/31/2017 11:30 AM, Grant NAPC wrote:
> I think it's better to train them how to create those passwords on
> their own and then require them to change them so that should they
> reuse them elsewhere then they are only a concern for 90 days or whatever.
I am not saying that forcing a password on users is good--I am undecided...
The problem with rotating passwords is how in hell to manage them. Once
upon a time, when hardly anyone had a password and those who did had but
a single password, it was easy. But now there are a lot.
As a practical matter, how do you expect users to know their new
password if you make them change it every few weeks? Serious question.
-kb
More information about the Discuss
mailing list