Pelican Parts Forums

Password policy for enterprise (http://forums.pelicanparts.com/off-topic-discussions/1164403-password-policy-enterprise.html)

Dixie 07-17-2024 11:30 AM

Quote:

Originally Posted by masraum (Post 12285766)
For instance, you could remember
Sec question 1 answer or 1st grade teacher: purple people eater
Sec question 2 answer or mother's maiden name: blueberry
Sec question 3 answer or first pet's name: clockwork orange


Or the question is the answer.
1) First Grade
2) Mother's Maiden
3) First Pet

wildthing 07-17-2024 03:03 PM

Quote:

Originally Posted by flipper35 (Post 12285463)
I guess what I meant was an HR policy.
We are already 16 char complex, 90 days, no less than the last 10, can't reuse within 30 days to eliminate password recycling, we use Duo and MSAuthenticator for MFA.

What we want is a written policy that they will use MFA and use a password manager to create passwords for each site they go to. Specifically a policy in HR where there are consequences for not following the policy - for example password files or handwritten passwords to keep track.

At the moment, we can only tell people to not do bad things.

My previous place where I was director of IT it was a no questions asked termination if you wrote your password down at your desk. That was in healthcare.

I've not seen this on an HR Policy/Employee Handbook. They simply reference a Security Policy. E.g. "All ACME employees are expected to follow the policies outlined in the Acme Data Privacy and Security Policy. Violations of this policy can result in disciplinary action and/or termination of employment." And then in that linked security policy document, you outline the ones you mentioned.

stealthn 07-17-2024 09:56 PM

Sorry, passwords for what? What are you protecting, internal system, SaaS apps?

MFA and password managers are a must these days, I have hundreds of passwords for things and I don’t know a single one :) If an employee gets let go or quits, their account is disabled and they have access to nothing.
Passwordless is the new buzz, but start with something like Duo and Passportal, you could use the excuse the password manager forces us to use complex passwords ;)


All times are GMT -8.