Maybe 8-10 years ago there was a solution (an AD add-on/schema) I was looking at which set a password change frequency dependent on the password complexity - so a shitty 8 char, lowercase password would be acceptable but might be forced to change every 5 days. Drop a number and something uppercase in there and you might get 15/20 days. Drop a proper password and you might get 90-180 days.
I really wish that had taken off (or, more accurately I guess, had a real business case).
As an industry we tout one set of rules/principles but then enforce a slightly different version.
My main passwords (the ones I have to remember, and not store) are all over 20 characters long and maximally complex and I change them very, very rarely.