Manager does not believe in enforcing strong passwords...


sandorski

No Lifer
Oct 10, 1999
70,798
6,355
126
I would e-mail this thread to your boss and get you canned for setting up that kind of PW scheme. Lucky for you I'm lazy!! :|
 

promposive

Senior member
Jun 15, 2004
912
0
71
Originally posted by: mugs
As long as the password only grants access to the information for the person who created the password, then it's no big deal. You could suggest that they use a strong password, and you could include a javascript password strength checker next to the password box, but ultimately the user is responsible for the security of their own information.

The accounts are for different "Companies", 1 company has many many customers/customer info in it.
 

aceO07

Diamond Member
Nov 6, 2000
4,491
0
76
I think even Windows secure password only requires 3 of the 4. Maybe you can have an option where the user can disable strong password requirements, if they understand the risks.

Send an email to your manager detailing your concerns. When he still insists on his way, talk to people above him and forward them the email. (Do it respectfully, without stepping on toes as much as possible.) At least cover your ass.
 

Paladin3

Diamond Member
Mar 5, 2004
4,933
878
126
At some point you have to understand that your manager runs the shop. It's his responsibility to make those calls and you have to trust him enough to follow his lead. It's also your responsibility to help keep him informed (and CYA) so document your concerns completely, respectfully and professionally, then drop the issue.

Until your system gets hacked and all that customer data is floating in the wind. Then you can jump up and down like a monkey screaming "I TOLD YOU SO!!!"
 

Vette73

Lifer
Jul 5, 2000
21,503
9
0
Originally posted by: Feldenak
Originally posted by: xSauronx
Originally posted by: Feldenak
Originally posted by: nakedfrog
That's a great password scheme... if you want people to write their passwords down.

8 characters is not unreasonable. Now, the 15 character passwords I'm required to use are a problem. I have to keep a list of my passwords for the different work environments on a spreadsheet here at work.

I hope that this spreadsheet is secure. There *are* password managers out there that let you secure a list of passwords with a single password.

It's in my network drive so I can access it on my telework days. At least I don't need a password to log on to the system. My CAC will let me log on and get to my network drive.

Originally posted by: Codewiz
My passwords at work have to be 15 chars long, 1 upper, 1 lower, 1 number, 1 special character. Oh and you can never repeat a password.

Gubmint?


I work Fed Gov and I have 1 system that requires what he said. It's a pain so I make ALL my passwords the same and change them all at the same time. I still have some written down for systems I don't use that much so I don't change.

In fact I am already getting the "you have X days to change your password." So that is tomorrow.
 

torpid

Lifer
Sep 14, 2003
11,631
11
76
Originally posted by: C0BRA99
This page has an interesting chart on time required to crack passwords:
http://uwadmnweb.uwyo.edu/info...security/passwords.htm

Of course the chart is based on 100,00 encryption operations per second, and that wouldn't really be an option just brute force in this case...

Maybe I will remove the special character requirement
8 Characters +upper + lower + number = 17 years

Based on that list I say you don't even need the upper case. A hacker using brute force to hack a particular user is going to take 10.7 months with just 8 + number. Are you telling me that no one would notice and prevent the brute force attack in 10 months?
 

ForumMaster

Diamond Member
Feb 24, 2005
7,792
1
0
The idea is ok in theory. We have a password scheme at work that requires at least 8 chars, a number and a difference of at least 1 upper case lower case. We are required to change it every 2 months and can't use the last twenty passwords. What happens is that the most common password is Password1. The number is changed only.
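
Added example, not part of any post in this thread: a sketch of the JavaScript strength checker mugs suggests, applying the "3 of the 4" class rule aceO07 mentions and flagging the Password1 pattern described above. The function name, the common-word list, the symbol count and the 100,000 guesses-per-second rate are assumptions.

```javascript
// Added example; names, word list and rate are assumptions, not from the thread.
const CLASSES = {
  lower:   { re: /[a-z]/, size: 26 },
  upper:   { re: /[A-Z]/, size: 26 },
  digit:   { re: /[0-9]/, size: 10 },
  special: { re: /[^A-Za-z0-9]/, size: 33 }, // assumed: printable ASCII symbols incl. space
};
// Constructed sample list; a real deployment would load a much larger one.
const COMMON_BASES = ["password", "welcome", "letmein", "qwerty", "admin"];
const SECONDS_PER_MONTH = (365.25 / 12) * 86400;

function analyzePassword(pw, opts = {}) {
  const { minLength = 8, minClasses = 3, guessesPerSecond = 100000 } = opts;
  const present = Object.keys(CLASSES).filter((k) => CLASSES[k].re.test(pw));
  const alphabet = present.reduce((n, k) => n + CLASSES[k].size, 0);
  // Worst case for exhaustive search over the character classes actually used.
  const seconds = Math.pow(alphabet, pw.length) / guessesPerSecond;
  // "Password1", "Password2!" and so on all reduce to the same base word.
  const base = pw.toLowerCase().replace(/[^a-z]+$/, "");
  const problems = [];
  if (pw.length < minLength) problems.push("too short");
  if (present.length < minClasses) problems.push("too few character classes");
  if (COMMON_BASES.includes(base)) problems.push("common word plus suffix");
  return {
    classes: present,
    alphabet,
    months: seconds / SECONDS_PER_MONTH,
    problems,
    ok: problems.length === 0,
  };
}

// Constructed sample inputs.
for (const pw of ["abcd1234", "Password1", "tR4!vkq9Zm"]) {
  const r = analyzePassword(pw);
  const verdict = r.ok ? "ok" : r.problems.join("; ");
  console.log(pw, r.classes.join("+"), r.months.toFixed(1) + " months", verdict);
}
```

With the assumed rate, eight characters drawn from lowercase letters and digits come out at about 10.7 months, the figure quoted from the chart. Password1 satisfies the length and class rules and is rejected only by the word-list check.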
 

Feldenak

Lifer
Jan 31, 2003
14,090
2
81
Originally posted by: Marlin1975
Originally posted by: Feldenak
blahblahblah


I work Fed Gov and I have 1 system that requires what he said. It's a pain so I make ALL my passwords the same and change them all at the same time. I still have some written down for systems I don't use that much so I don't change.

In fact I am already getting the "you have X days to change your password." So that is tomorrow.

Yeah, all my SAP environments are 1 password then I've got different passwords for the MDM, Workbench, and Remedy.