Difference between revisions of "Talking Passwords"

From MicroFocusInternationalWiki
Jump to: navigation, search
m
m
Line 3: Line 3:
 
<br>
 
<br>
 
The idea of the page is to address password issues around universal passwords.  Specifically;
 
The idea of the page is to address password issues around universal passwords.  Specifically;
<h4>A: What considered are there for password policies? What are your policies ''(dont use your company name)''</h4>
+
<h4>A: What considerations are there for password policies? What are your policies? ''(dont use your company name)''</h4>
 
<h4>B: Ideas for challenge/response questions and the potential downfall of these solutions?</h4>
 
<h4>B: Ideas for challenge/response questions and the potential downfall of these solutions?</h4>
 
<h4>C: Implementation considerations</h4>
 
<h4>C: Implementation considerations</h4>
Line 12: Line 12:
 
===who started it===
 
===who started it===
 
Me --[[User:Pfallon|Pfallon]] 04:19, 25 May 2005 (MDT), I've never made a Wiki before, or a webpage for that matter.  I started it as i wanted to contribute to Novell’s Wiki, learn how they are used and answer the questions that this page poses.
 
Me --[[User:Pfallon|Pfallon]] 04:19, 25 May 2005 (MDT), I've never made a Wiki before, or a webpage for that matter.  I started it as i wanted to contribute to Novell’s Wiki, learn how they are used and answer the questions that this page poses.
feel free to reformat add to and remove content as you see fit as long as we keep to what the page is for it doesn’t matter.
+
feel free to reformat, add to and remove content as you see fit as long as we keep to what the page is for it doesn’t matter.
 
===how to use the page===
 
===how to use the page===
n''ot sure yet...    please use the discussion page as well as the article page, their is good content there too!''
+
n''ot sure yet...    please use the discussion page as well as the article page, there is good content too!''
 
===Question===
 
===Question===
  
At some-Cola company we are about to roll out universal passwords but to plagiarise other people’s ideas on passwords.
+
At some-Cola UK company we are about to roll out universal passwords but to plagiarise other people’s ideas on passwords.
  
 
Our current policy is 6 characters, 42 days reset, no duplicates and 6 grace logins
 
Our current policy is 6 characters, 42 days reset, no duplicates and 6 grace logins
Line 27: Line 27:
 
Nor do we want people to use cola as their password.
 
Nor do we want people to use cola as their password.
  
<b>what is the best mix of security and complexity, what is your policy?</b>  
+
'''Q:''' <b>what is the best mix of security and complexity, what is your policy?</b>  
  
 
We want to use self service password resets, by getting users to answer a set of questions that can be used to reset all passwords within the meta-directory. However, most suggestions I’ve had are either;  
 
We want to use self service password resets, by getting users to answer a set of questions that can be used to reset all passwords within the meta-directory. However, most suggestions I’ve had are either;  
Line 33: Line 33:
 
Obvious  i.e. what colour is your hair?  
 
Obvious  i.e. what colour is your hair?  
  
<b>what are good questions to ask users, what you do you ask them?</b>
+
'''Q:''' <b>what are good questions to ask users, what you do you ask them?</b>
  
 
Thanks in-advance
 
Thanks in-advance

Revision as of 16:32, 25 May 2005

Talking Passwords

what is this page for?


The idea of the page is to address password issues around universal passwords. Specifically;

A: What considerations are there for password policies? What are your policies? (dont use your company name)

B: Ideas for challenge/response questions and the potential downfall of these solutions?

C: Implementation considerations

I hope it will be of use for people thinking of implementing universal passwords, like me!

what is not for

This is not a support site either cool solutions or the forums should be used for that purpose

who started it

Me --Pfallon 04:19, 25 May 2005 (MDT), I've never made a Wiki before, or a webpage for that matter. I started it as i wanted to contribute to Novell’s Wiki, learn how they are used and answer the questions that this page poses. feel free to reformat, add to and remove content as you see fit as long as we keep to what the page is for it doesn’t matter.

how to use the page

not sure yet... please use the discussion page as well as the article page, there is good content too!

Question

At some-Cola UK company we are about to roll out universal passwords but to plagiarise other people’s ideas on passwords.

Our current policy is 6 characters, 42 days reset, no duplicates and 6 grace logins

Now we can be clever with advanced universal password rules we want to provide a better level of password security without creating more helpdesk calls due to over complex policies.

So we don’t want a 26 character, dictionary proof password with at least 7 forms of punctuation 3 capital letters and 5 digits that needs to change daily and never repeat, ever.

Nor do we want people to use cola as their password.

Q: what is the best mix of security and complexity, what is your policy?

We want to use self service password resets, by getting users to answer a set of questions that can be used to reset all passwords within the meta-directory. However, most suggestions I’ve had are either; Obscure i.e. what did you have for lunch on January 12 1982 or Obvious i.e. what colour is your hair?

Q: what are good questions to ask users, what you do you ask them?

Thanks in-advance


Links


Pass Phrases vs. Passwords http://www.microsoft.com/technet/community/columns/secmgmt/sm1004.mspx
Discussion on writing down your password.. http://it.slashdot.org/it/05/05/24/2047228.shtml?tid=172

forgotten password question ideas

What is your shoe size? (too easy to guess?)
What is your inside leg measurement? (do most people know this?)
What is your payroll id?(fairly easy to guess)
What is your favourite colour?
What is your mortgage/rent payment per month?(too personal?)
What colour are your partner's eyes?(not everyone has a artner)
What is your mother's maiden name?
What is your favourite beverage?
What was your high school mascot?
What was the name of your first pet?
What is your favourite colour? (People's hair colour changes - don't use)
What is your mother's maiden name?
What are the last 4 digits of your social security number?