Quote:
Originally Posted by onewhippedpuppy
It really doesn't matter. You can have the greatest password on Earth, but then the website gets hacked and they have your data anyway. It always amuses me how IT Security weenies create password rules that virtually guarantee you will have to write them down, make you change them every 30 days, but then can't protect the data. Yes, overly convoluted password rules are a pet peeve of mine. 
For Active Directory I require our users have at least 8 characters and use letters, numbers, and/or caps and punctuation. This rotates every 180 days but they can change it sooner if they like. If you go every 90 days people start writing them down since you can't have similar passwords when you change. After 5 unsuccessful attempts you get locked out and have to call one of us IT Security weenies. This is to prevent someone physically at the computer from gaining access that shouldn't have access. There are other things in place for other types of security breaches.
Since we are in healthcare if we find a Post-It with your AD password you can be terminated.
Passwords for forums such as this aren't as complex as what I use for banking and such. Again, to keep people from gaining access not script kiddies and such.