Yeah, including LENGTHENING the damn things. I'm on a firstname basis with the poor first level support guy on the help desk who resets passwords. :-) (as an extra special benefit, if we flumble finger three times, not only is our machine locked out, even after the help desk unlocks it and resets the password, we can't log in and have to go to another desk, log in, and reset the password to "another" new password). Luckily, ours has only been cut back to 60 days.
I should add that this won't have so much affect on those at the office. Those of us who have to connect to the intranet to check company email, or do our daily time cards have to deal with this.
The note that warned us of the change also said that we were to change our passwords and to make the new one "markedly different" from the old one. That's certainly not being enforced programatically. DAMHIKT.
You guys have only just NOW started the 30-day cycle? I've been on that for *ages*.
But yeah, the two-week notice is just stupid--unless you have a lot of people who tend to not log in for a week at a time. It may have made some sort of sense on a 90-day cycle, but not for a 30-day cycle. A more reasonable compromise is a set number of "grace" logins at the end of the password change time period before the system locks you out.
You are not the only one. I have been to places that do this..... result is less security but you try telling that to the idiots that actually made the decision I tell you they don't know anything about anything!
Its very very annoying to do that. I never understood why there is a 14 day reminder anyway its not like you get kicked off the system if you don't change your password in those 14 days... you just have to change the password when you log in after the 14 days!
My job does 90 days/14 days warning. Despite that, we still get calls to re-set passwords because the person in question hasn't "checked webmail in about 4 months, why?"
Comments 9
Reply
Reply
(The comment has been removed)
Reply
(The comment has been removed)
Reply
The note that warned us of the change also said that we were to change our passwords and to make the new one "markedly different" from the old one. That's certainly not being enforced programatically. DAMHIKT.
Reply
But yeah, the two-week notice is just stupid--unless you have a lot of people who tend to not log in for a week at a time. It may have made some sort of sense on a 90-day cycle, but not for a 30-day cycle. A more reasonable compromise is a set number of "grace" logins at the end of the password change time period before the system locks you out.
Reply
Its very very annoying to do that. I never understood why there is a 14 day reminder anyway its not like you get kicked off the system if you don't change your password in those 14 days... you just have to change the password when you log in after the 14 days!
Reply
Reply
Leave a comment