Changing passwords more than once per day

TheMSsForum.com: The Microsoft Software Forum

Hello,

Can someone please tell me what the security issue of
allowing a user to change their password more than once
per day? I know the policy setting of minimum password
age must be greater than 0 to enforce the password history
setting. However, I am looking for a reason why this is
not a good security practice.

Thanks,

BK
Top

Re: Changing passwords more than once per day by Dave

Dave
Tue Feb 10 15:19:16 CST 2004

The reason it is not a good idea is this. If you require a history of
passwords and do not limit password changing, the user could just keep
changing their password the required number of times to get back to their
original password. Effectively keeping the same password all the time.

- Dave


"BK" <rkelleytakeout@ritatakeoutohioremoveit.com> wrote in message
news:d77201c3f01a$59335c60$a101280a@phx.gbl...
> Hello,
>
> Can someone please tell me what the security issue of
> allowing a user to change their password more than once
> per day? I know the policy setting of minimum password
> age must be greater than 0 to enforce the password history
> setting. However, I am looking for a reason why this is
> not a good security practice.
>
> Thanks,
>
> BK


Top

Re: Changing passwords more than once per day by Tedd

Tedd
Tue Feb 10 15:43:51 CST 2004

Letting a user change his/her password once per day is a bit like opening
your safe in front of a window everyday. It gives a much greater chance of
someone seeing it and most people run out of good passwords after so may
attempts and they might end up storing the password someplace or having a
password that just increments by 1 each day or one letter advances per day.
Making it easier to find.
Once per week. That makes more sense to me.

--
Tedd Riggs
PDA Square Content Developer
www.pdasquare.com


"BK" <rkelleytakeout@ritatakeoutohioremoveit.com> wrote in message
news:d77201c3f01a$59335c60$a101280a@phx.gbl...
> Hello,
>
> Can someone please tell me what the security issue of
> allowing a user to change their password more than once
> per day? I know the policy setting of minimum password
> age must be greater than 0 to enforce the password history
> setting. However, I am looking for a reason why this is
> not a good security practice.
>
> Thanks,
>
> BK


Top