Difference between revisions of "Talk:EDirectory"

From MicroFocusInternationalWiki
Jump to: navigation, search
(Talking Passwords)
 
Line 1: Line 1:
Hi,
 
I wanted to gauge people's opinion and current setups for password policies.
 
At PepsiCo UK we are about to roll out universal passwords but to plagiarise other people’s ideas on passwords.
 
  
Our current policy is 6 characters, 42 days reset, no duplicates and 6 grace logins
 
 
Now we can be clever with advanced universal password rules we want to provide a better level of password security without creating more helpdesk calls due to over complex policies.
 
 
So we don’t want a 26 character, dictionary proof password with at least 7 forms of punctuation 3 capital letters and 5 digits that needs to change daily and never repeat, ever.
 
 
Nor do we want people to use cola as their password.
 
 
<b>what is the best mix of security and complexity, what is your policy?</b>
 
 
We want to use self service password resets, by getting users to answer a set of questions that can be used to reset all passwords within the meta-directory. However, most suggestions I’ve had are either;
 
Obscure i.e. what did you have for lunch on January 12 1982  or
 
Obvious  i.e. what colour is your hair?
 
 
<b>what are good questions to ask users, what you do you ask them?</b>
 
 
Thanks in-advance
 
 
Paul Fallon.
 

Revision as of 14:27, 13 May 2005