author | Nicholas Johnson <nick@nicholasjohnson.ch> | 2023-03-23 00:00:00 +0000 |
---|---|---|
committer | Nicholas Johnson <nick@nicholasjohnson.ch> | 2023-03-23 00:00:00 +0000 |
commit | d15e1f775902538972131f9d98316d1a72f83e220bfbee26888ffb3a13749c8a (patch) | |
tree | 4265760554ebcf30bcfd2b67cf48a22d2a81beb641cd34d28a3c1048aec50150 /content/entry/siue-eid-creation-and-maintenance-problems.md | |
parent | 5ecd00c7099cf9ef9552c067a971948e30a0877821b8a60e34a117967916a12e (diff) | |
download | journal-d15e1f775902538972131f9d98316d1a72f83e220bfbee26888ffb3a13749c8a.tar.gz journal-d15e1f775902538972131f9d98316d1a72f83e220bfbee26888ffb3a13749c8a.zip |
Fix link rot
Diffstat (limited to 'content/entry/siue-eid-creation-and-maintenance-problems.md')
-rw-r--r-- | content/entry/siue-eid-creation-and-maintenance-problems.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/content/entry/siue-eid-creation-and-maintenance-problems.md b/content/entry/siue-eid-creation-and-maintenance-problems.md index c008e30..2f3ce85 100644 --- a/content/entry/siue-eid-creation-and-maintenance-problems.md +++ b/content/entry/siue-eid-creation-and-maintenance-problems.md @@ -40,7 +40,7 @@ I'm going to lump the last 4 together because the only thing I have to add is th ## 60 Day Reset -Every 60 days, you are required to [reset your password](https://www.siue.edu/its/eid_faq.shtml#expired). The NIST password policy guidelines say users shouldn't be required to change their passwords regularly or arbitrarily. If an account is compromised, then it makes sense. But otherwise, you'll just be making everyone increment the last digit in their password every time. Almost no one will create a completely different password when they can just change one character. +Every 60 days, you are required to [reset your password](https://web.archive.org/web/20201026122131/https://www.siue.edu/its/eid_faq.shtml#expired). The NIST password policy guidelines say users shouldn't be required to change their passwords regularly or arbitrarily. If an account is compromised, then it makes sense. But otherwise, you'll just be making everyone increment the last digit in their password every time. Almost no one will create a completely different password when they can just change one character. Furthermore, all these password rules make it much more difficult to analyze the number of possible passwords. To do that, you would need every e-ID and every word in "the dictionary". Who knows what words are included even. I'm certain that even the administrators have no idea how big the password space is, but it's definitely insufficient. This brings me to my next point. |
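
Review bot: The present-tense claim "Every 60 days, you are required to" in the changed line under "## 60 Day Reset" is now backed only by a snapshot taken on 2020-10-26 (`20201026122131`), so the sentence should say when the policy was observed, for example "As of October 2020, ...", to match what the archived page can support. Please also confirm that the `#expired` fragment still resolves inside the archived copy, since the anchor is carried over unchanged. While this line is being touched for link rot, the NIST guideline named in the next sentence has no link at all and would benefit from a citation to the specific document.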