eberhardt2329
asked on
passwords
I have a cpa that would like the password to not change at least for a while. they get asked to change there password, where do i tell the server to not mak ethem change passwords
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is a bad idea. You should never bow to users wishes when it comes to security. Set the password change policy to be as tough as you think is right for your data and don't flinch from it. Security policy is all about managing the users and their expectations but remembering what the fundamental need is - data protection (and your butt!). You should also ensure that the users can't re-use the last 'x' passwords where x > 5!
T