Thursday, February 20, 2014

Constantly Changing Passwords

I have a number of systems that I log into for work, and all of them require passwords. The majority of them enforce some periodic changing. Usually I don't mind; however, this week something strange is happening. About once a day I get locked out of my account because some automated program is trying to log into my e-mail with the wrong password. After a certain number of attempts, the system just locks me out. I have to call our help desk and have them unlock my account. This has me questioning rules in general.

As I said at the start, I have a number of passwords I have to remember for work. Off the top of my head I can think of about a dozen. Generally I like to keep most of my work passwords the same. However, since I am forced to change some of them on differing intervals, they are now out of sync. In fact, they all seem to be different right now, and that creates a problem: I can't remember which one is which. This requires me to request a new password. It seems to me that resetting passwords is yet another security risk.

I have to ask whether requiring me to reset my password every 90 days is really an effective security protocol. If I only had one password to remember, I think 90 days is a reasonable amount of time. Considering I have a dozen passwords, I think 90 days is too short. Perhaps those responsible for security should consider that as they set policy and take a broader view instead of just the simple case.

1 comment:

  1. The best solution, but somewhat inconvenient, is to use a password manager. I use Password Safe (http://passwordsafe.sourceforge.net/) but there are plenty of others. It's great for all those passwords you don't use very much.
