× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2000

RE: change password API

  • Subject: RE: change password API
  • From: PaulMmn <PaulMmn@xxxxxxxxxxxxx>
  • Date: Fri, 31 Dec 1999 19:42:57 -0500
 
>The best thing that you can do is to make sure your users are using good
>passwords.
>(=== shameless plug for PentaSafe PS-PasswordManager ===)
>
>Jim Langston


The trouble is that a 'good' password (read "License Plate Number" (and no
vanity plates allowed)) is much harder to remember, especially if it's
changed on a regular (60 to 90 days) basis.

You have to weigh the advantage of the stronger password against the
disadvantage of the sticky label on the CRT with the password scrawled on
it.  Next to the user profile.

We require at least 6 characters, one has to be a number.  We select the
option that tracks the last 32 passwords so there aren't any recyclers.

My theory is that a minimum 6 character password, with a digit, makes a
dictionary attack less likely to succeed.

Our loophole:

The biggest problem we have is the user who picks the name of the dog, the
kid, the wife, the ATM PIN, or similar name as a password, and just
sequentially increments the number when it's time for a change.

Yes, we can activate a few more of the AS/400's password rules, but every
time we try it becomes a nightmare of complaints and failed password
changes, as the users fail to pick a valid password.

So we muddle along with less security than may be wise, but security the
users can deal with.

I should not feel unhappy, however.  If I walk through our building after
6:00 I can just walk up to a large number of PCs and work as another user.
My goal is to find a VP's session still active, slip on my gloves, and send
Email in their name.

I'll bet -that- gets people to sign off at night!   (:

--Paul E Musselman
PaulMmn@Ix.netcom.com


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.