Industry Standard Password Age

  • Industry Standard Password Age

    Can I get some feedback on what everyone has for their domain maximum password age?

    We are currently at 30 days, then the user will have to choose a new password.

  • #2
    Re: Industry Standard Password Age

    Originally posted by Deland01
    domain maximum password age
    IMAO, 30 days is too short a period. Because users need to invent 12 complex passwords a year, they tend to either write them down (on a Post-It note that is stuck beneath the keyboard) or use sequences like Pa$$w0rd1, Pa$$w0rd2... Pa$$w0rd12 (for which they are likely to write down the formula too).

    Consider using multifactor authentication like smart cards if high security is required. Otherwise, increasing password age to 60/90 days shouldn't be a big downgrade on security, but your mileage may vary.



    • #3
      Re: Industry Standard Password Age

      Target tighter restrictions at systems that require higher security.

      You could even try talking to your users to see what they think of the current requirements, along with training them as to why the requirements are in place.

      There is no industry standard, since every administrator will design the system that's right for their business. Discuss with your management and implement what is decided.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


      • #4
        Re: Industry Standard Password Age

        We do 90 days. Seems to keep the user base happy and gives us some sense of security. Although we still get complaints about the 8-character minimum...