
Date:  Sun, 27 Jan 2008 10:21:20 +0100
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:11803] Re: Cpanel reporting Javascript vulnerability...
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200801271021.20889.bq (at mark) solarspeed.net>
In-Reply-To:  <20080127132503.3526e06b@patricko>
References:  <005301c85f86$117fbe60$6400a8c0 (at mark) HPPAVILION> <20080127132503.3526e06b (at mark) patricko>
X-Mail-Count: 11803

Hi patricko,

>  [1]
>  We have to set mandatory password policies in BQ
>  eg:
>
> [...]
>
>  -password rotation every 30 days
>
>  -cannot reuse old password.

Forced password rotation and inability to re-use old passwords do 
immediately backfire. If you force that on users the typical thing they do is 
to use weaker passwords or to just append month and year to a password that's 
weak to begin with. Because otherwise they can't remember their password 
after the x-th forced change.

-- 
With best regards,

Michael Stauber