|
Alan, I know of some companies in which the user id is predictable and the initial password is the same as the ID but set to *expired. In this case, if you knew that someone named John Smith was starting today and you knew that the company followed a first initial/last name policy, you could just sign on to the system as jsmith/jsmith and perhaps do some damage. I don't think that the problem is that someone is assigning passwords, but that they were assigning them in a predictable pattern. Regards, Andy Nolen-Parkhouse > On Behalf Of alan shore > Subject: Re: Need to generate passwords > > Why should auditing have a problem with you "assigning" passwords. Even > if you have a program to generate a password, you will still need to know > what that password is so that you can inform the user. As s Savings and > Loan, we are constantly audited, both internal and external, and we follow > the same procedure. Someone assigns the password, with *EXPIRED. No > problem what so ever. > Good luck
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
