Comments on: Forced password changes

By: davidlian

davidlian — Fri, 19 Jun 2009 01:59:26 +0000

Hey, that’s what my employer does also… better security?

By: aubrey

aubrey — Sun, 14 Jun 2009 04:22:32 +0000

shouldnt it be:
my employer (link:www.oracle.com) …….. ???

By: Ruben

Ruben — Wed, 10 Jun 2009 01:22:58 +0000

My employer makes me change my password every three months, and it can’t be the last 5 passwords I’ve used, and it has to be extremely complex.

Muchos Failure

By: ShaolinTiger

ShaolinTiger — Tue, 09 Jun 2009 08:46:28 +0000

Yah password policies are odd things, the more complex you make the requirements and the more often you require users to change their passwords the less secure it becomes.

But then you’re supposed to change passwords often enough that someone can’t crack them. Then with computational power nowadays that’s impractical too.

That’s why combining is the best option, at least 2 out of the 3 methods make things more secure (physical token, biometric, password).