home *** CD-ROM | disk | FTP | other *** search
- Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU
- Path: sparky!uunet!gatech!paladin.american.edu!auvm!UCHIMVS1.UCHICAGO.EDU!CCFXKPD
- Message-ID: <IBM-MAIN%92101609160337@RICEVM1.RICE.EDU>
- Newsgroups: bit.listserv.ibm-main
- Date: Fri, 16 Oct 1992 09:12:00 CST
- Sender: IBM Mainframe Discussion list <IBM-MAIN@RICEVM1.BITNET>
- From: Kriss Davis <CCFXKPD@UCHIMVS1.UCHICAGO.EDU>
- Subject: Re: Addr: RACF/VM
- Lines: 30
-
- I agree that theoritically having the users change their passwords
- at initial log on and at intervals is a good idea. However,
- there are way too many users of systems that changing their
- passwords just adds another thing they have to know how to
- do that they are not called upon to do frequently enough to
- remember how to do.
-
- Also, the rules about password construction (if there are
- any like no duplicate letters, must be at least X chars. long, etc.)
- are usually poorly or not documented. So when a user goes to
- change passwords, they try several, none are the right configuration,
- and then the USERID gets locked and must be unlocked and reset.
- Seecurity packages rarely put out informative messages telling the
- user why a certain password is not acceptable.
-
- It is also unrealistic to think that users don't write down and/or
- share their passwords with coworkers. So really, what is the use
- of having them change it frequently unless you make sure they don't use
- the same two passwords over and over again (Many mainframe systems
- do not even have that level of protection or it is not implemented).
-
- Sorry to go on about this, but this issue takes up to much of my and
- my staffs time to resolve.
-
- If the password changing interface was more forgiving and guided the
- user through it, I would say sure, let's force users to
- change passwords every month, but that is not the case in the
- packages I am familiar with.
-
- Kriss Davis, University of Chicago
-
