This may be a weird one but here it goes.
At the moment we have a relaxed password policy: passwords have to be a certain length, expire after 90 days, and you can't use the same password twice.
However, I want to enable password complexity, but here's the thing: is there a standard anywhere that anyone knows of that explains why password complexity uses the characters it uses, etc.?
I'm bound to be asked by someone 'why do I have to have a password that adheres to this policy?' It'd be handy if I could find a standard or something that explains the use of complexity and why it is the way it is.
I hope you all understand what I mean.
Have a great day!
NIST's was the big one for American companies, thus MS etc.
They suggest a lot of "stuff" :P But most of it is too blahsy for normal use: http://csrc.nist.gov/publications/dr...-sp800-118.pdf See page 20+ :P Short version being: more character options = better security (yes, length matters, but in relation to same lengths etc.)
My take on this would be that it forces the user to use special characters and numbers and also include upper case letters, which creates a more secure password due to the extra amount of combinations possible.
For example: password1 is a very common password/phrase, so enforcing password complexity could mean that the user then has to try a more sophisticated password like Pa55word_1.
If anyone asks you for a reason behind your decision to implement password complexity, I think you should just let them know the security benefits and they will soon be happy.
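The "more character options = more combinations" argument from the replies above, worked through as an added example (not from any poster or from the NIST document). It assumes an exhaustive search over printable-ASCII character classes and says nothing about dictionary or pattern-based guessing; all function names are made up for this illustration.

```python
import math
import string

# Character classes a complexity policy usually counts.
# Assumption of this example: printable ASCII only, no space.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 characters
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def brute_force_bits(password):
    """log2(alphabet ** length): size of the exhaustive search space in bits."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def compare(passwords):
    """Map each password to (classes used, alphabet size, search-space bits)."""
    return {p: (classes_used(p), alphabet_size(p), round(brute_force_bits(p), 1))
            for p in passwords}


if __name__ == "__main__":
    # Constructed samples: the two passwords from the thread, plus a longer
    # lowercase-only string to show the effect of length on its own.
    samples = ["password1", "Pa55word_1", "a" * 14]
    for pw, (used, size, bits) in compare(samples).items():
        print(f"{pw!r:22} classes={used} alphabet={size} bits={bits}")
```

At similar lengths the four-class password has the larger search space, while the 14-character lowercase string edges past it on length alone, which is the "length matters" caveat in the reply.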
So true that cartoon!