- 1 Talking Passwords
- 1.1 what is this page for?
- 1.2 what is not for
- 1.3 who started it
- 1.4 how to use the page
- 1.5 Question
- 1.6 Links
- 1.7 Forgotten Password question ideas (Challenge Response)
- 1.8 Good questions
- 1.9 questionable questions
what is this page for?
The idea of the page is to address password issues around universal passwords. Specifically:
A: What considerations are there for password policies? What are your policies? (don't use your company name)
B: Ideas for challenge/response questions and the potential downfall of these solutions?
C: Implementation considerations
I hope it will be of use for people thinking of implementing universal passwords, like me!
what is not for
This is not a support site; either Cool Solutions or the forums should be used for that purpose.
who started it
Me --Pfallon 04:19, 25 May 2005 (MDT), I've never made a Wiki before, or a webpage for that matter. I started it as I wanted to contribute to Novell's Wiki, learn how they are used and answer the questions that this page poses. Feel free to reformat, add to and remove content as you see fit; as long as we keep to what the page is for, it doesn't matter.
how to use the page
Not sure yet... please use and edit the discussion page as well as the article page, there is good content on both!
Question
At some-Cola UK company we are about to roll out universal passwords but want to plagiarise other people's ideas on passwords.
Our current policy is 6 characters, 42 days reset, no duplicates and 6 grace logins.
Now that we can be clever with advanced universal password rules, we want to provide a better level of password security without creating more helpdesk calls due to over complex policies.
So we don't want a 26 character, dictionary proof password with at least 7 forms of punctuation, 3 capital letters and 5 digits that needs to change daily and never repeat, ever.
Nor do we want people to use cola as their password.
Q: What is the best mix of security and complexity, what is your policy?
We want to use self service password resets, by getting users to answer a set of questions that can be used to reset all passwords within the meta-directory. However, most suggestions I've had are either obscure, i.e. what did you have for lunch on January 12 1982, or obvious, i.e. what colour is your hair?
Q: What are good questions to ask users, what do you ask them?
Links
Pass Phrases vs. Passwords: http://www.microsoft.com/technet/community/columns/secmgmt/sm1004.mspx
Discussion on writing down your password: http://it.slashdot.org/it/05/05/24/2047228.shtml?tid=172
Sites which allow you to find out information that could be used to answer challenge questions, beware! http://friendsreunited.co.uk
Forgotten Password question ideas (Challenge Response)
Good questions
These are questions I can't find fault with; if you disagree, feel free to edit the wiki!
What is your favourite colour?
If you could meet someone from history, who would it be?
Where did you go on your first holiday?
What is your least favourite film of all time?
What is your father's first name?
Name a memorable place
Name a memorable date
Where were you born?
questionable questions
These types of questions may be fine for some environments but could cause problems in others. On the other hand they could just be plain dumb.
|What is your shoe size?||too easy to guess as male shoe size range is small, that many options? / shoes left in the gym|
|What is your inside leg measurement?||do most people know this?|
|What is your payroll id?||written on your staff ID card?|
|What is your mortgage/rent payment per month?||too personal?|
|What colour are your partner's eyes?||not everyone has a partner!|
|What is your mother's maiden name?||various genealogy databases hold lists of marriages and maiden names (perhaps being a little paranoid here?)|
|What is your favourite beverage?||there is only one answer in my company, may be ok in yours? :)|
|What was your high school mascot?||Is this an American thing? if so could be fine for a US workforce|
|What was the name of your first pet?||not everyone has or has had a pet (believe it or not)|
|What are the last 4 digits of your social security number?||Another American thing? if so could be fine for a US workforce, or worded to include another company's equivalent|
|What is your father's middle name?||Not all have a middle name and middle names often become the son's first name|
|What was your first car/bike?||Not all had a car or bike|
|What is the third letter of your home address(street name)?||This can change in time|
|How long have you lived at your current address?||This changes in line with the time!|
|Where was your last holiday destination?||Changes with time and is talked about in the office|
|What is your favourite sports team?||talked about, everywhere|
|Favourite Food?||there is only one answer in my company, may be ok in yours? :)|
|How many children do you have?||not all of us have children and most people have 2.2 anyway|
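Added example, not part of the original wiki page: one way to put a number on the "too easy to guess" objections above is to sample the answers users give and compute how often an attacker succeeds by trying the most common answers first. The sample answers, the 3-attempt limit and the 5% risk threshold are constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample answers for three questions from this page; the
# distributions are illustrative assumptions, not survey data.
Q_SHOE = "What is your shoe size?"
Q_DRINK = "What is your favourite beverage?"
Q_HISTORY = "If you could meet someone from history, who would it be?"
SAMPLE_ANSWERS = {
    Q_SHOE: ["9"] * 30 + ["10"] * 25 + ["8"] * 20 + ["11"] * 15 + ["7"] * 10,
    Q_DRINK: ["cola"] * 95 + ["tea"] * 5,
    Q_HISTORY: [f"person{i}" for i in range(100)],
}

def normalise(answer):
    """Fold case and whitespace so 'Cola ' and 'cola' count as one answer."""
    return " ".join(answer.lower().split())

def guess_success(answers, attempts):
    """Probability that trying the `attempts` most common answers, in
    order, matches the answer of a randomly chosen user."""
    counts = Counter(normalise(a) for a in answers)
    return sum(n for _, n in counts.most_common(attempts)) / len(answers)

def min_entropy_bits(answers):
    """-log2 of the most common answer's share: strength against the
    single best guess."""
    counts = Counter(normalise(a) for a in answers)
    return -math.log2(counts.most_common(1)[0][1] / len(answers))

def rate_questions(samples, attempts=3, max_risk=0.05):
    """Return {question: (risk, bits, acceptable)}; `attempts` is the
    assumed number of tries allowed before the reset is locked."""
    report = {}
    for question, answers in samples.items():
        risk = guess_success(answers, attempts)
        report[question] = (risk, min_entropy_bits(answers), risk <= max_risk)
    return report

if __name__ == "__main__":
    for question, (risk, bits, ok) in rate_questions(SAMPLE_ANSWERS).items():
        label = "OK  " if ok else "WEAK"
        print(f"{label} risk={risk:.2f} bits={bits:.2f}  {question}")
```

This only measures guessability across the user population. It says nothing about answers that a colleague, an ID card or a public records site can reveal about one specific user, which is the other objection raised in the table.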