LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page password change frequency
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-28-2009, 12:08 PM   #1
BenCollver
Rogue Class
 
Registered: Sep 2006
Location: OR, USA
Distribution: Slackware64-15.0
Posts: 376
Blog Entries: 2

Rep: Reputation: 172Reputation: 172
password change frequency

PCI DSS v1.2 8.5.9 says "Change user passwords at least every 90 days."

How would I accomplish this for a user who only logs in once or twice per year? I could disable the account but I have not seen Amazon or Ebay inconvenience their users in this way.
 
Old 07-28-2009, 12:57 PM   #2
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Fedora38
Posts: 6,147

Rep: Reputation: 435Reputation: 435Reputation: 435Reputation: 435Reputation: 435
I strongly believe that if you have a good password, and you are capable of keeping it secure, you should not be forced to change it, except by your own volition.

Two of my places of work force me to change my PW at 5 and 7 weekly intervals. So they are rarely in sync. So they are difficult to remember..... So I (and I know I am not the only one, we are all doing this ) choose really STUPID and easy to guess / remember PWs. Previous passwords cannot be used until they fall off the "recently used" list. This "recently used" list is useless as ****wits1 is deemed to be different from ****wits2

This is the complete opposite of what my incredibly stupid employers intended.

But when questioned by the government's stalinist company-inspection ****wits, they can tick the box that says "We enforce password changes every X weeks, to improve security".

So they get a pat on the back.
And very poor passwords.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
change channel or frequency with ndiswrapper? wabbalee Linux - Wireless Networking 3 12-01-2007 07:28 PM
How to re-calibrate clocks after I change CPU frequency? cracauer Linux - Kernel 4 11-09-2006 11:31 AM
change monitor frequency red hat enterprise shilo12 LinuxQuestions.org Member Success Stories 1 09-22-2006 03:51 PM
ndiswrapper - i can't change the frequency nor the channel antistatic Linux - Wireless Networking 1 10-21-2005 09:23 AM
How do I find out and change monitor frequency? flamesrock Linux - Software 1 10-03-2004 01:40 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:56 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration