What Is The "Best" Password Policy?
Post 302367388 by Linux Bot on Monday 2nd of November 2009 12:00:03 PM

I recently overheard a colleague mention that, in his opinion, the best form of password security for their enterprise is to not enforce monthly or quarterly password changes for their employees. His reasoning? Enforcing tough passwords and forcing your employees to change them periodically often forces the employees to write down their passwords (even sometimes posting them on a sticky note attached to their monitors or desks). This, in his opinion, is more of a security risk than not enforcing periodic password changes.

 

At first, I thought that this is one of the craziest ideas that I had ever heard. This goes against one of the most basic security principles out there...make your passwords tough and change your passwords often.

 

Upon further thought, I decided that the logic behind this idea makes some sense. Allowing your employees to maintain their passwords for an indefinite amount of time may help to alleviate those people that insist on writing down their passwords. This being said, I do not think that this is a viable solution. Whether or not you force your employees to change their passwords or not, there will always be those that like to write them down. In addition, the risk that you would take in allowing indefinite access through a compromised account would outweigh the risk of someone reading a password.


PAM_PWHISTORY(8)                Linux-PAM Manual                PAM_PWHISTORY(8)

NAME
       pam_pwhistory - PAM module to remember last passwords

SYNOPSIS
       pam_pwhistory.so [debug] [use_authtok] [enforce_for_root] [remember=N]
                        [retry=N] [authtok_type=STRING]

DESCRIPTION
       This module saves the last passwords for each user in order to force
       password change history and keep the user from alternating between the
       same password too frequently.

       This module does not work together with kerberos. In general, it does
       not make much sense to use this module in conjunction with NIS or LDAP,
       since the old passwords are stored on the local machine and are not
       available on another machine for password history checking.

OPTIONS
       debug
           Turns on debugging via syslog(3).

       use_authtok
           When password changing enforce the module to use the new password
           provided by a previously stacked password module (this is used in
           the example of the stacking of the pam_cracklib module documented
           below).

       enforce_for_root
           If this option is set, the check is enforced for root, too.

       remember=N
           The last N passwords for each user are saved in
           /etc/security/opasswd. The default is 10.

       retry=N
           Prompt user at most N times before returning with error. The
           default is 1.

       authtok_type=STRING
           See pam_get_authtok(3) for more details.

MODULE TYPES PROVIDED
       Only the password module type is provided.

RETURN VALUES
       PAM_AUTHTOK_ERR
           No new password was entered, the user aborted password change or
           new password couldn't be set.

       PAM_IGNORE
           Password history was disabled.

       PAM_MAXTRIES
           Password was rejected too often.

       PAM_USER_UNKNOWN
           User is not known to system.

EXAMPLES
       An example password section would be:

           #%PAM-1.0
           password     required       pam_pwhistory.so
           password     required       pam_unix.so        use_authtok

       In combination with pam_cracklib:

           #%PAM-1.0
           password     required       pam_cracklib.so    retry=3
           password     required       pam_pwhistory.so   use_authtok
           password     required       pam_unix.so        use_authtok

FILES
       /etc/security/opasswd
           File with password history

SEE ALSO
       pam.conf(5), pam.d(5), pam(8) pam_get_authtok(3)

AUTHOR
       pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de>

Linux-PAM Manual                   06/04/2011                   PAM_PWHISTORY(8)
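
The following is an added example, not part of the manual page or the forum post: a small auditor that parses the password lines of a pam.d-style file and compares the pam_pwhistory.so configuration against the options and example stacks documented above. The function names, the min_remember threshold, the treatment of a missing enforce_for_root as a finding, and the sample stack are assumptions made for illustration.

```python
import re

DEFAULT_REMEMBER = 10  # default given in pam_pwhistory(8)

def password_stack(text):
    """Return [(module, [args])] for the 'password' lines of a pam.d file."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and #%PAM-1.0
        # fields: type, control (word or [bracketed]), module path, arguments
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$", line)
        if m and m.group(1) == "password":
            stack.append((m.group(3).rsplit("/", 1)[-1], m.group(4).split()))
    return stack

def audit_pwhistory(text, min_remember=5):
    """min_remember and the root check are assumed local policy choices."""
    stack = password_stack(text)
    names = [mod for mod, _ in stack]
    if "pam_pwhistory.so" not in names:
        return ["pam_pwhistory.so is not in the password stack"]
    idx = names.index("pam_pwhistory.so")
    args, findings, remember = stack[idx][1], [], DEFAULT_REMEMBER
    for arg in args:
        key, _, value = arg.partition("=")
        if key == "remember" and value.isdigit():
            remember = int(value)
    if remember < min_remember:
        findings.append(f"remember={remember} is below the minimum of {min_remember}")
    if "enforce_for_root" not in args:
        findings.append("history check is not enforced for root")
    if idx > 0 and "use_authtok" not in args:
        findings.append("pam_pwhistory.so follows another module without use_authtok")
    if "pam_unix.so" not in names[idx + 1:]:
        findings.append("no pam_unix.so after pam_pwhistory.so")
    elif "use_authtok" not in stack[names.index("pam_unix.so", idx + 1)][1]:
        findings.append("pam_unix.so after pam_pwhistory.so lacks use_authtok")
    return findings

# Constructed sample stack, not taken from a real system.
WEAK_STACK = """#%PAM-1.0
password requisite pam_cracklib.so retry=3
password required pam_pwhistory.so remember=2
password [success=1 default=ignore] pam_unix.so sha512
"""

if __name__ == "__main__":
    for finding in audit_pwhistory(WEAK_STACK):
        print("FINDING:", finding)
```

The use_authtok findings mean only that the stack departs from the manual's example stacks; they do not assert how a particular pam_unix.so build behaves without the option.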