Don't worry. It's just me.

Password expiration - The dirty little secret

Andy Pedisich  June 11 2009 08:00:00 AM
There's a fun axiom that states, "Security and convenience have an inverse relationship." The more secure you make your environment, the more inconvenient it is to use. Make passwords weak and guessing is easy. Make them really strong and people will write them on post-its and stick them on their screens.

Strong or weak, most domains don't require passwords to change often enough to suit me. Some don't require changing them at all. In a couple of domains I've had the same password since my ID was created years and years ago.

And it hasn't happened only with my Notes ID either. I've had corporate account Active Directory passwords, AIX passwords, and even VPN passwords that have stayed the same for many years.

Clearly, there are enterprises that are as serious as a heart attack about password management. I do work with shops that do enforce reasonable password strengths and reasonable password expiration periods. Kudos to you. This post clearly isn't about you.

If you're an administrator for Notes or otherwise and you and your users are still using the original passwords you handed out when you created their IDs, then shame on you!  There are built-in processes for managing passwords in Notes.  Open the manual.  Read it.  Do something about it.  Please.

Having easy passwords that don't expire is like leaving the key to your house under the door mat. It's just a matter of time before you find an unwanted guest going through your sock drawer looking for spare change.

- Andy
Comments

1. Chris Miller  6/11/2009 8:33:32 AM

Hang on Andy, don't change anything. I use your password for all my banking and that would really screw things up.

2. Andy Pedisich  6/11/2009 9:43:53 AM

It's a good one and it's the only password I use. You'd have to know my sister's middle name to figure it out, so it's safe with us.

- Andy

3. Richard Schwartz  6/11/2009 11:47:26 AM

OK... it's time for me to dust off these old posts of mine:

- http://smokey.rhs.com/web/blog/rhs.nsf/stories/moreaboutpasswords

- http://smokey.rhs.com/web/blog/rhs.nsf/stories/PasswordArithmetic

That's my old blog, and comments are turned off, so continue the conversation here :-)

-rich

4. Vaughan Rivett  6/11/2009 8:41:00 PM

Andy,

Just thought that I would let you know that I enjoyed reading this.

5. Keith Brooks  6/11/2009 9:45:51 PM

Now hold on there a second partner, you talking about them there policy things again?

RTFM just doesn't cut it for some people, maybe Vaughan can do a video of it for them?

6. Grant Lindsay  6/19/2009 2:33:21 PM

Hi Andy,

Good post, but I have a question: How did you know where I keep my spare change?