  1. Thread Author    #1  

    <RANT MODE ON> IT password policies

    Is it just me or does anyone think that some of the ridiculous password policies that IT departments impose on their networks have really gotten out of hand?

    I can COMPLETELY understand the need for security, but in my mind, the need for a 12+ length alpha-numeric-special character password with no duplicate characters and at least 2 capital letters and 2 special characters opens the door for a whole new security risk!

    If someone has to remember 10 different passwords for different applications, none of which can be the same, which expire every 30 days, can't be the same as any other password used in the past 16 months, and fall into the description I listed above, that now introduces the need to potentially have to write the passwords all down - leaving the passwords somewhere that someone might find them, whether it be intentional or accidental.

    Fingerprint readers are the way to go I think!

    Anyone else have any thoughts on the matter?
    Last edited by jwhipple; 07-30-2010 at 10:12 AM.
  2. #2  
    Menno

    The shorter the password, the easier it is to hack. I agree it can be a little crazy, but that's the price you pay for access to information outside of an area you can only access at certain times of the day.

    My email password is 13 characters long, but that's only because I was hacked once and don't want to make it easy for them a second time :P
    I'm a tech junkie with a weak spot for Good Music, Good Beer, and Excellent Coffee.
  3. #3  

    I understand the need for security as well, but couldn't they lighten up on the restriction a little bit? I'm no security expert, but is it really necessary to change the password every 30 days with such complex passwords?
    HTC Hero
    http://twitter.com/aquaboy1976
    PSN ID: aquaboy1976
    XBOX 360 Gamertag: aquaboy1976
    WordFeud: aquaboy1976
  4. #4  
    tony bag o donuts

    Hey, my buddy has a Storm2 and the BES security slows it down to a crawl.
    I am the one that emailed the podcast a few times because of my brother's company IT dept refuses to support android....until the CFO stepped in.
  5. #5  
    88 FLUX

    I fully support the use of complex passwords and password expiration for various reasons. But I may also be biased due to the fact that I'm an IT administrator.
    Current: Moto X, ASUS Nexus 7 (2013)

    Standby:
    Samsung Galaxy S3, LG Nexus 4, Samsung Galaxy Nexus, HTC Thunderbolt, HTC Nexus One, ASUS Nexus 7 (2012), Motorola Xoom
  6. #6  
    franked

    Quote, originally posted by ock:
    I fully support the use of complex passwords and password expiration for various reasons. But I may also be biased due to the fact that I'm an IT administrator.
    x2.
    .frank.
  7. Thread Author    #7  

    Quote, originally posted by ock:
    I fully support the use of complex passwords and password expiration for various reasons. But I may also be biased due to the fact that I'm an IT administrator.
    So you would rather have these ultra-strong password requirements and make it that much easier to figure out a password because someone WROTE THEM DOWN? You might as well do away with the password requirement then.
  8. Thread Author    #8  

    Quote, originally posted by menno:
    the shorter the password, the easier it is to hack. I agree it can be a little crazy, but that's the price you pay for access to information outside of an area you can only access at certain times of the day.

    my email password is 13 char long. but that's only because I was hacked once and don't want to make it easy for them a second time :P
    And yet, the stronger the password is, the easier it is to hack - simply because you don't need to hack it - you just look at the paper that the password is written on and type it in.
  9. #9  
    jdbower

    Quote, originally posted by jwhipple:
    And yet, the stronger the password is, the easier it is to hack - simply because you don't need to hack it - you just look at the paper that the password is written on and type it in.
    A couple of issues with that:

    1. If you leave your password on your desk where I work you'll find that pretty quickly it doesn't work anymore because if IT sees it they'll reset your password. Do it often enough and you won't work there anymore.

    2. I'm not concerned about people with building access getting into my system, I'm concerned about you people on the interwebs breaking in.

    3. If I have physical access to your system, I don't need your password.

    Try using a secure password manager. Really, it's not that hard to memorize a few strong passwords and then just vary them a bit as you need to cycle them out.
    Galaxy Nexus (VZW)
    Motorola Droid X (WiFi)/Motorola Droid 2 Global (VZW)
    Motorola 9505A (Iridium)/HP Zeen (WiFi)
  10. Thread Author    #10  

    It only takes 1 occasion of 1 person leaving their password somewhere it can be found for a whole hell of a lot of damage to be done.
  11. #11  
    jdbower

    And it only takes one guy with a password that can be cracked by a dictionary attack to do a hell of a lot of damage. It's all about whether you'd rather protect yourself from people inside your building and on your security cameras or from people on the Internet and logged in your firewall.
    Galaxy Nexus (VZW)
    Motorola Droid X (WiFi)/Motorola Droid 2 Global (VZW)
    Motorola 9505A (Iridium)/HP Zeen (WiFi)
  12. #12  

    I work for the Government, so not only do I have five or six different passwords to remember, but to enter the building I need a card to flash past an electronic device, then the same card to go past the secured lobby into the remainder of the building. (I could have them buzz me into the lobby, but it's faster to scan the card.) When I pull mine or the company vehicle into the back past the electronic gate, I need to scan the card again.

    If I go to a larger government facility with a metal detector and a rent-a-cop, I need to scan my card so I can pass through the metal detector since I am sure to set it off, but I also have to flash ID on the way through.

    I won't even discuss what happens if I have to fly to somewhere, and if I have to visit Washington DC.

    I believe it might be easier just to have my forehead programmed.
  13. #13  
    88 FLUX

    Quote, originally posted by jwhipple:
    So you would rather have these ultra-strong password requirements and make it that much easier to figure out a password because someone WROTE THEM DOWN? You might as well do away with the password requirement then.
    Quote, originally posted by jwhipple:
    And yet, the stronger the password is, the easier it is to hack - simply because you don't need to hack it - you just look at the paper that the password is written on and type it in.
    There are also company policies in place to prohibit the writing down of passwords in a notebook or other such item. Every password of mine that I store is in an encrypted database and/or my BlackBerry's password keeper which is protected by a single complex password.

    And yes, I know that having a signed policy stating "I will not write my passwords in a notebook" isn't going to stop people from doing it. But it does two major things: #1, it passes the blame onto them if something goes wrong instead of me. #2, it puts those employees in violation of company policy which causes them to have to deal with the repercussions (as mean as that sounds).
    Current: Moto X, ASUS Nexus 7 (2013)

    Standby:
    Samsung Galaxy S3, LG Nexus 4, Samsung Galaxy Nexus, HTC Thunderbolt, HTC Nexus One, ASUS Nexus 7 (2012), Motorola Xoom
