Reply to post: Re: minimum password reset time

Either my name, my password or my soul is invalid – but which?

tfewster Silver badge

Re: minimum password reset time

> Which is why you should set a minimum time between changes - just don't be monumentally stupid about it.

Ugh, even that brings its own problems. Being told you can't change a password that's been compromised because the minimum time hasn't elapsed. On one of our systems, a privileged generic* account password is retrieved several times a day by different people, but can only be changed once a day. So a bunch of people can re-use the password all day, with no accountability for who did what.

A long password history usually means you don't need a minimum time. Until you meet That Guy who ruins it for everyone:

>>...casually sabotage his own monthly New Password prompts by changing his password 11 times immediately.

* Yes, they should have individual logins. But the ancient application doesn't support that, OR auditing,

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020