The Daily Static
  The Daily Static
UF Archives
Register
UF Membership
Ad Free Site
Postcards
Community
Geekfinder
UFie Gear
Advertise on UF
Forum Rules
& FAQ

Username

Password


Create a New Account

  
 

Back to UserFriendly Strip Comments Index
Topic for debate: changing passwords by nix2005-05-16 11:03:40
  One reason that I can think of in favor by merlin 2005-05-16 11:08:32
is to help backstop your access removal process.

If your system is configured to lockout an account after the password has expired, then this will help you clean up accounts that should have been terminated but weren't. For instance, if an employee transfers to a different job and the access removal request is never submitted by the "losing" manager, then a password expire policy will help guarantee that the employee's ccount cannot be abused.

Also, from the hacker/trojan point of view, how many scripts are smart enough to recognize a "change your password" prompt and take the required actions, and then remember what the new password is, system by system? Granted, they could be updated to include that functionality, but I don't think they do it right now. So, it does provide a mitigating factor to root hacks, etc.

--
merlin
[ Reply ]
    hmm by unjust2005-05-16 11:36:52

 

[Todays Cartoon Discussion] [News Index]

Come get yer ARS (Account Registration System) Source Code here!
All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.
UserFriendly.Org and its operators are not liable for comments or content posted by its visitors, and will cheerfully assist the lawful authorities in hunting down script-kiddies, spammers and other net scum. And if you're really bad, we'll call your mom. (We're not kidding, we've done it before.)