[Discuss] deadmanish login?

[gaf.linux at gmail.com (Jerry Feldman)]

On 01/31/2017 01:56 PM, Kent Borg wrote:
> On 01/31/2017 11:30 AM, Grant NAPC wrote:
>> I think it's better to train them how to create those passwords on 
>> their own and then require them to change them so that should they 
>> reuse them elsewhere then they are only a concern for 90 days or 
>> whatever.
>
> I am not saying that forcing a password on users is good--I am 
> undecided...
>
> The problem with rotating passwords is how in hell to manage them. 
> Once upon a time, when hardly anyone had a password and those who did 
> had but a single password, it was easy. But now there are a lot.
>
> As a practical matter, how do you expect users to know their new 
> password if you make them change it every few weeks? Serious question.
Most businesses force password changes on their employees periodically, 
usually every 90 days. They also force standards like 8 characters, at 
least 1 lower and upper case and 1 number. I personally use lastpass to 
generate my random passwords with 12 characters. I personally prefer 
using RSA keys.


-- 
Jerry Feldman <gaf.linux at gmail.com>
Boston Linux and Unix http://www.blu.org
PGP key id:B7F14F2F
PGP Key fingerprint: D937 A424 4836 E052 2E1B  8DC6 24D7 000F B7F1 4F2F