Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

[Alan McKinnon <alan.mckinnon@gmail.com>]

On Wednesday 11 August 2010 20:16:42 Dale wrote:
> Stroller wrote:
> > On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote:
> >> ...
> >> Good Luck getting people to change them frequently and haveing your
> >> techs and it departments meeting complexity and length policy.
> > 
> > I'm pretty sure that's a trivial setting for expiration policy and a
> > PAM plugin or option to enforce complexity.
> > 
> > Stroller.
> 
> Thing about changing passwords to often, the person forgets what the
> password is.  I have a good strong password for my bank and credit
> card.  If I had to change it every month, six months or something, I
> would set it to something simple so that I could remember what the
> password is.   Then I would write it down to help me remember it as well.
> 
> Changing the password often can actually lead to other issues.


I refuse to implement password expiration policies and have a vast array of 
literature to back me up when some dimwit damager gets on his expiration high 
horse.

My users pick their own passwords - I present a list of 5 from apg and let 
them pick one. Accounts do expire if they go unused for 90 days, but not 
passwords.

What put me onto this policy? I found Gartner recommending password 
expiration. I find the best security possible is always the opposite of what 
Gartner says. Discovering how the AD admins in the company go about their jobs 
was the convincing straw :-)


-- 
alan dot mckinnon at gmail dot com