
Forget Password, each day

Author
18 Dec 2006 4:17 AM
MackS
Hello

I am looking for a more secure method of having passwords for our users in
a Windows 2003 AD network.
Is there a way to automatically expire the password at the end of each day and
assign a new password? I would like to generate a password for each day in
advance and give it to the selected users.

Is there any facility in Windows 2003 to achieve this or any third party
tools to do it?

Regards

macks

Author
18 Dec 2006 5:00 AM
MichaelHensley
"MackS" wrote:

> I am looking for a more secure method of having password for our users in
> windows 2003 AD network.

Best suggestion: increase the length.

> Is there a way to automatically expire password at the end of each day and
> assign a new password. I would like to generate a password for each day in
> advance and give it to the selected users.

This is a TERRIBLE idea. One of the weakest aspects of using passwords is
transmitting them. Another is users writing them down (because they can't
remember them). A third serious weakness is if anyone besides the user knows
the password, or has any way to obtain it. This combines all three.

> Is there any facility in Windows 2003 to achieve this or any third party
> tools to do it?

You could probably do it with a script fairly easily, but (IMHO) this will
seriously degrade the security of your network.

Author
18 Dec 2006 10:38 AM
Herb Martin
"MichaelHensley" <mhensley@news.postalias> wrote in message
news:AF24411E-F1B0-4C44-994C-0A9B1DBFD1ED@microsoft.com...
> "MackS" wrote:
>
>> I am looking for a more secure method of having password for our users in
>> windows 2003 AD network.
>
> Best suggestion: increase the length.
>
>> Is there a way to automatically expire password at the end of each day
>> and
>> assign a new password. I would like to generate a password for each day
>> in
>> advance and give it to the selected users.
>
> This is a TERRIBLE idea. One of the weakest aspects of using passwords is

Michael is correct; this is (almost certainly) a terrible
idea. (Keeping the transmission of the "new" password
would be more difficult a security issue than whatever
you are trying to protect now.)

And no one (not even admins) is really supposed to know
the users' passwords.

If you really need this (government, trade secret, banking,
etc level security) then go for a third party solution that
uses a "SecurID" (ever changing code number) together
with server side software that alters the logon security.

Maybe just a SmartCard for such users would be better.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Author
18 Dec 2006 11:14 PM
Joe Richards [MVP]
This is not more secure. It is not more secure because you have to
transmit it to the users and since it is always changing the likelihood
is that users will be writing it down so they know what it is on any
given day. I would recommend reading whitepapers, etc on password security.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

         http://www.joeware.net/win/ad3e.htm


Author
19 Dec 2006 8:48 AM
AJ
I think you should go through this document so that your doubts are
cleared. If you are using password complexity requirements in your org,
then the chance for a hacker to crack a password would be less than
winning the lottery.

Frequently Asked Questions About Passwords
http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx

~Cheers,

Ajay Sarkaria

Author
21 Dec 2006 8:53 PM
Joe Richards [MVP]
Complexity is double-edged. The more complex you make the requirements,
the more likely you will be beaten by social issues, i.e. people writing
passwords down, etc. Pure cracking time really isn't the only
consideration. If you make it difficult for normal users to recall their
password via forcing a lot of changes (anything more than once every 90
days is a lot to me) or adding lots of complexity, they will write it
down somewhere.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

         http://www.joeware.net/win/ad3e.htm


Author
28 Dec 2006 7:09 AM
anno_triangle@hotmail.com
Hi,

If you happen to lose your password I suppose Active@ Password Changer
might help you to reset it
http://www.password-changer.com/

