The no 1 irritation in security policies
-
Andrei Straut wrote:
Say you are a business owner / CEO for a multimillion-dollar company specializing in defense contracts. You know many of your employees are plain dumb and barely know how to use a computer. What do you do?
Improve your hiring habits... :doh:
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in. -Colin Mullikin
Colin Mullikin wrote:
Improve your hiring habits... :doh:
That would mean you can only hire 5.828% percent of the whole population (inside reference here), and I doubt you have the budget to pay them, even for a multi-million dollar company. I am also only half-joking on this one.
Full-fledged Java/.NET lover, full-fledged PHP hater. Full-fledged Google/Microsoft lover, full-fledged Apple hater. Full-fledged Skype lover, full-fledged YM hater.
-
Andrei Straut wrote:
5.828% percent of the whole population (inside reference here)
:laugh: ... Nice job referencing your own joke. :thumbsup:
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in. -Colin Mullikin
-
They were somewhat related and I just couldn't resist ;P
Full-fledged Java/.NET lover, full-fledged PHP hater. Full-fledged Google/Microsoft lover, full-fledged Apple hater. Full-fledged Skype lover, full-fledged YM hater.
-
Hi guys,
I would like to discuss the no 1 problem I see with password expiration as a security policy. I have known it to exist in every enterprise-based system I have ever used, and the only possible thing I can imagine it could possibly protect you from is brute force attacks, but given that other policies are far more effective (3 failed login attempt lockout), what could possibly be the merit of a password expiration policy?
Cons are as follows:
Usually causes users to use weaker passwords or a small variation of what their current password is.
Tech support constantly gets (I forgot my password or got locked out) calls.
Users start putting their new passwords on sticky notes or write them on a piece of paper on their desks.
If it were to defend against brute force, there is always a chance that the new password would speed up the attack by bringing the password closer to the current location of the attack.
I simply wish software developers would start discarding this completely useless policy from their systems!!!!
Chona1171 Web Developer (C#), Silverlight
I agree, for the most part it is kind of overkill. For example, our version control is password protected, but you could just walk in (door's not locked most of the time), take a hard drive from a computer, pop it in another computer and get access to almost current code as everyone has the code checked out anyways. (Though, this stops you from committing as someone else, which is probably a good thing.) But besides access to proprietary code, having access to my account won't give you anything of real value...worst you could do is send some emails as me, or submit a bug to the bug tracker (so dangerous! ;P ). So I really don't see a point in having that much security on my account. What makes this more annoying is just trying to think of a password that is complex enough to meet requirements, while still being able to remember it, so I don't lock myself out of my account from too many wrong passwords. :doh: