rlb@rtpark.ge.COM (Bob Boyd 8*565-3627 13-Jul-1988 2126) (07/14/88)
Message Created @ 13-JUL-1988 21:26:53.86 Paul Clayton makes some good suggestions. Speaking for the DECUS VAX SIG Commercial Working Group and several folks I've talked with: Some people think that the right way to do passwords is to have randomly generated passwords for everybody -- not only that -- but to have them be forced to change every week to 2 weeks. This is GREAT! I am all for reasonable security for what you need at your site. If you think this is what you need, then by all means establish the policy and stick with it. This is ok if you're going for "maximum" security ... I realize it could be worse ( every 30 minutes? 8^) ) However, there are a lot of us out here in the real world with "casual" (?) users who login every day or 2 or 3. Some even less often (how about once/week?) Anyway...some of us don't mind frequently changing passwords, but do you think I'm going to sell the General Manager of our business on the frequent changes -- if it means them too? Or the other top managers ? NOT VERY LIKELY !! I would like to encourage my users to use different passwords, and I would like for them to do something reasonable to keep confidentiality, etc... So, what can we do? How many of you out there would like to see something to encourage the selection of different passwords? I would like such a scheme to be available (not mandatory) with SET PASSWORD so that the system manager can turn it on or off( and determine how much space is eaten up saving old hashed passwords) If it's available, but not mandatory, you can leave it off. But, if you want to use it, then turn it on! If you have some thoughts on this or would just like to put in your vote on this, please MAIL to me. I will collect the data on those for and against. I will report on the findings after August 15th. That should give you about 2-3 weeks to send me something. ----------------------------------------------------------------- Bob Boyd Usenet: rlb@rtpark.ge.com GE Microelectronics Ctr. Internet: rlb%rtpark.ge.com@mcnc POB 13049, MS 7T3-01 BitNet: rlb%rtpark.ge.com@relay.cs.net RTP, NC 27709-3049 Voice: (919)549-3627 GE DECnet: RTPARK::RLB GE DIALCOMM: 8*565-3627 PROFS: SSAVRNA,MECRLBT