|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
When I've setup new systems, I instruct the users to select passwords that are cryptic and follow guidelines that make them essentially impossible to crack, such as: Ol10yzZx119xa
Once a good password is found, why change it? I know there are a lot of consultants who say you must, but everywhere I've been that requires people to change passwords, I see they have written them on sticky notes and then put them on their monitor, or bookshelf or whereever. I also see the frustration level raise everytime they are trying to get into a system with a customer on the phone, and they have to tell them to wait for their session as they change their password...
Since roughly 90% of corporate break-ins are from the inside, having to change the passwords, and then sticking the passwords up, defeats the security purposes for changing passwords.
What do you think?Okay, I do have a reason for asking this: 1. convince me I'm wrong, and 2. I have a client that wants it to stop, and I need to know where in Fedora Core 6 that is setup so case I can make the change for them.
Their FC6 system is setup so the accounts go to /sbin/nologin so they don't have to change their password for email. But no one has shell access, and a few need it, thus creating the need for passwords to change.
TIA -- Karl L. Pearson karlp@xxxxxxxxxxxxxxxx http://consulting.ourldsfamily.com --- My Thoughts on Terrorism In America right after 9/11/2001: http://www.ourldsfamily.com/wtc.shtml --- The world is a dangerous place to live... not because of the people who are evil, but because of the people who don't do anything about it. - Albert Einstein --- "To mess up your Linux PC, you have to really work at it; to mess up a microsoft PC you just have to work on it." --- _______________________________________________ Redhat-install-list mailing list Redhat-install-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/redhat-install-list To Unsubscribe Go To ABOVE URL or send a message to: redhat-install-list-request@xxxxxxxxxx Subject: unsubscribe