First, you could create a separate domain for the high-risk areas, which would have other advantages as well, as...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
they could manage other differences (length of password, history, account lockout, etc.). Second, while there is only one enforceable password expiration policy per domain, there is no reason they cannot procedurally insist on their group passwords being changed at whatever schedule. They also could write scripts to check on this and possible e-mail users who failed to follow the policy, or make some other change that would be effective in enforcing the policy. Of course, they might also write custom software to enforce more frequent password changing.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.