Password Change Day

Is it just me, or does requiring that a NT domain password be cycled every 30 days seem a little excessive?

Published by


Robert Belknap has been writing online sporadically since 2001. See the colophon for more details.

5 thoughts on “Password Change Day”

  1. The CSU is pushing for us to reset LDAP password every 180 days or so. We’ve kept things at 6 months which still drives the faculty in particular crazy. When you drop it down that far, you practically guarantee insecurity as almost everyone, even people who don’t really mind or have a good memory, will have a post-it not under their keyboard or on their monitor. Kind of defeats the purpose.

  2. Speaking as the guy who has to sort all of our automated build scheduled tasks (across 3 different machines no less) to my new password every month, I’d say ‘hell yeah’. Almost as irritating as the fact that the reminder comes up after 15 days, when the password isn’t due to be changed for another 15 days.

    I suppose if the rest of your system is properly secure, then you wouldn’t want password security to let it down, anad I can understand it, but if (like us) the security holes in other parts of the system are glaring and large, such paranoid password changing just irritates the workforce.

  3. It depends on how bad a system compromise would be. If you’re storing the company’s double-secret code that will revolutionize the world and make everyone a whole pile of cash, it’s not excessive.

    On the other hand, if all that’s on these machines is a bunch of email and miscellaneous crap, why bother changing it more than every year or so?

  4. @1: it used to be 90 days here – the new policy went into effect when they migrated the primary domain controler and upgraded some other systems (exchange, for example)

    @2: I’d actually have a harder time remembering how to type that than if I chose an entirely new pw. BTW did I mention that my new password can’t match any of my previous 8?

    @3: yep 15 days. woo hoo.

    @4: This particualar system is shared with 15-20 other people primarily to check email, (and miscellaneous crap) since labs we all work in (with the double-secret code and potentially millions of dollars worth of customer data) each have thier own sequestered network.

Leave a Reply

Your email address will not be published. Required fields are marked *