![]() ![]() In just about every set of rules, this is absolutely mandatory. If you're subject to regulatory compliance, then only users should have access to their own passwords. This undermines any intended efficacy of the password change in the first place. If you force regular credential changes they will write it down. Wrong, passwords should be generated by IT that meet administratively defined SOP criteria, never user defined. How would you know the user has a good password? The only person who should know a user's password is the user. This post is ultimately what lead me to create this thread. User's will make mistakes, so he believes that IT should provide the user's with passwords they can remember that are unlikely to be cracked by external entities.ĮDIT: Adding some context for this discussion. He believes that IT should generate the user's password for them. User's will make mistakes, but they have to be able to create passwords on their own that they will remember and nobody else can use in their place. I believe nobody should know a user's password other than that user. ![]() We've all got something to learn, so let's have a civil discussion here instead. Staying true to my promise, I will not hijack that thread further. In a separate thread I manage to veer off topic with Christopher_001 who has some opinions that differ from my own.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |