
I hate changing passwords

January 18, 2006

For a while now, my employer has had a rule that you must change your Windows password every 90 days. It's baked into our Windows network: the system starts popping up reminders about two weeks before the due date for your next password switch.

That was fine with me; I have a set of passwords that I would rotate through, and that worked without any problems. But last quarter the IS department implemented a new guideline: the passwords now have to be much stronger cryptographically. The system no longer accepts passwords that are based on real words. Instead you must have at least one numeral and one symbol, and at least one lower-case and one upper-case letter.
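The policy described above, as an added illustration (this is not code from the post or from the employer's Windows system): a checker that enforces the four character-class requirements and rejects passwords built on a real word, including the common trick of disguising a word with digit and symbol substitutions. The word list and the substitution table are constructed for the example; a real deployment would load a full dictionary.

```python
import string

# Constructed sample word list standing in for the dictionary the policy
# would consult (assumption; a real system would load a full word list).
SAMPLE_DICTIONARY = {"password", "welcome", "summer", "engineer", "windows", "letmein"}

# Common substitutions people use to disguise a dictionary word (constructed).
LEET_MAP = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def _normalize(password: str) -> str:
    """Lower-case, undo common substitutions, and keep only letters so that
    'P@ssw0rd1!' collapses to 'passwordli' for the dictionary check."""
    folded = password.lower().translate(LEET_MAP)
    return "".join(c for c in folded if c.isalpha())


def contains_dictionary_word(password: str, dictionary=SAMPLE_DICTIONARY) -> bool:
    """True if the password is based on a dictionary word, even after
    digit/symbol substitutions or appended digits. Words shorter than four
    letters are ignored to limit false positives on random strings."""
    candidates = {password.lower(), _normalize(password)}
    return any(
        word in cand
        for cand in candidates
        for word in dictionary
        if len(word) >= 4
    )


def check_password(password: str, dictionary=SAMPLE_DICTIONARY) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    violations = []
    if not any(c.isdigit() for c in password):
        violations.append("no numeral")
    if not any(c in string.punctuation for c in password):
        violations.append("no symbol")
    if not any(c.islower() for c in password):
        violations.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        violations.append("no upper-case letter")
    if contains_dictionary_word(password, dictionary):
        violations.append("based on a dictionary word")
    return violations


if __name__ == "__main__":
    # Three constructed candidates: a plain word with a year, a leet-disguised
    # word that satisfies all four character classes, and a random string.
    for candidate in ["summer2006", "P@ssw0rd1!", "Tq7#kLm2vX"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

The substitution-aware check is the part worth noticing: a password can satisfy every character-class rule and still be a single dictionary word in disguise, which is exactly the kind of entry the new guideline is meant to refuse.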

Yes, I understand that makes it harder for bad guys to guess the passwords, but it is a real pain for the user to create and remember. Besides, for those of us in the engineering department, I think the real vulnerability is our UNIX passwords, not the NT passwords. Those have never changed; there's no similar policy enforced for the UNIX logins. I have the same UNIX login now that I created when I first started working here in the mid 90s. Something like 10 years with the same password. That can't be safe at all, but you'd create a massive uproar if you tried to get engineering to change passwords on a regular basis.

I suppose in this era of endless Windows worms and viruses we have to do something to help protect those networks. So I’ve got 7 days left to come up with my next Windows password.
