Home > Ask the Enterprise Desktop Experts > Questions & Answers > Password change time frames
Ask The Enterprise Desktop Expert: Questions & Answers
EMAIL THIS

Password change time frames

Kevin Beaver EXPERT RESPONSE FROM: Kevin Beaver

Pose a Question
Other Enterprise Desktop Categories
Meet all Enterprise Desktop Experts
Become an Expert for this site


Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 12 May 2006
We have implemented a password management tool which has allowed us to set several password strengthening policies. We also have the lockout parameter set on all accounts so that an account is locked after three failed attempts. We don't allow users to re-use a password within a year's time. We also have a fairly good security awareness program, which among other things regularly educates users on the risk of choosing a weak password.

We have been getting feedback from our Help Desk area that password issues are one of their top call volumes. We have kicked around the idea of moving from a 30-day expiration to a 60 or 90-day expiration to try to reduce the number of Help Desk calls for password issues. What are the down sides to this approach?


>
I think the "downsides" are going to be that your help desk team and your end users are going to end up being more productive. There is a certain amount of risk involved with not changing passwords periodically in that an account could be brute-forced or dictionary-attacked in between password changes. However, with the time-memory trade-off utilized by RainbowCrack, Ophcrack, Proactive Password Auditor, etc. it's essentially a moot point. Rainbow tables (pre-calculated password hashes) enable the cracking of passwords in very short periods of time. I recommend requiring password changes every 6 months or one year at the most. As long as there's no reason to suspect password compromise, I don't think it's good for business to do it any more often.

View questions and answers from all of our Windows security experts here.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Desktop Solutions - Windows for Enterprise
HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts