Password policy

After my experiences today I’m reconsidering the way I look at password policies. I had to go around and install the new drivers for that Canon copier/printer today on about 15 machines. The install involved installing the Canon LPR port, installing the print driver, restarting, and then entering the Department ID information for the print job accounting functions. So I would sit down at a PC, run the installers, and ask the user to enter their password when the PC restarted. Most of them would just tell me what the password was instead of getting up from where they had settled to type it. A couple of these folks had to get up and type it in because they couldn’t remember it. Typing it in had become such a routine that they couldn’t tell you what it was, but they could type it. That told me two things:

1) I’m obviously not making them expire often enough. (I already knew that, but since there are no direct internet-facing PCs, everything sits behind another company’s whole network infrastructure, and it’s a small enough environment that I can keep a pretty close eye on things, I have been more lax than I would be in any other situation. I don’t make them change it as often as most of you probably do with your users.)

2) You could never use social engineering to get these people’s passwords. They can’t tell you what they are! Maybe there’s something to be said for letting people type in the same password for long periods of time, making it such a routine that they can’t give it to anyone else. 🙂
