I still think that passwords need to be changed at 'some' point. And
here's the reason why. I can recite a few cases of passwords not changed
in decades. Passwords known to people long departed from the company. Why
haven't they changed? Mostly because they're paralyzed with fear over all
the places that may be using the password that they don't know they may
have to change. Here are some examples:
- ldapuser: If you have everything from scanners/copiers to security
applications, etc. using it, and I posted the password for ldapuser in a
company-wide email and on your company social media page, how disruptive
would that be to change?
- some generic Windows administrator account. We have people here who use
that account, and not their own, to log on to PCs not their own, and
often leave it logged on. Their fear of changing that is all the
scheduled tasks which rely upon the user and password, and also
remembering all the devices where that is the only user ID on the device
(i.e. a switch or router).
- intersystem user IDs: for example, user IDs used for file transfer, ODBC
applications and that genre.

Changing these passwords on 'some' interval lets you know what to do for
when you HAVE to do it.

We are using IBM Security Identity Manager (or whatever name it's known by
this week). When I change my password in Windows it propagates the change
to Domino, every LPAR we have of IBM i, etc. I also have a monthly calendar
reminder (no, we do not change passwords that often, that is simply a
monthly reminder) that reminds me of places I may need to change, like
WRKSVRAUTE, the Windows event manager tasks I have on a couple of servers,
IBM Spectrum Protect, and so on.

I've gotten into the habit of setting up separate LDAP user IDs for
different applications. This way, if another department is paralyzed by
fear of changing their LDAP password, I am fine with changing mine.

On Mon, Mar 17, 2025 at 4:16 AM Patrik Schindler <poc@xxxxxxxxxx> wrote:

Hello Jerry,

Please use this opportunity to try some Google searches along the lines of
"why frequent password changes are a bad idea".

Here you have a government blog post (!) for convincing management:

https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry

It seems forcing timed password changes is still done because it has always
been like this before. Rear Admiral Grace Hopper might rotate in her grave
when she hears... ;-)
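Added example, written for this archive page and not taken from either list poster: a PowerShell inventory of where a shared account is configured as the run-as identity for scheduled tasks and services, which are the dependencies the reply above says people fear breaking when a generic administrator password is rotated. The account name and host list are placeholders; WinRM access and admin rights on the hosts are assumed.

```powershell
# Added example (not from the list posting): list every scheduled task and
# service on a set of Windows hosts that runs as a given shared account, so a
# password change can be planned against a known dependency list.
# Assumptions: placeholder account and host names; WinRM reachable; admin rights.
param(
    [string]$Account = 'CORP\svc_generic_admin',     # placeholder account
    [string[]]$Computers = @('server01', 'server02') # placeholder hosts
)

$inventory = Invoke-Command -ComputerName $Computers -ScriptBlock {
    param($acct)
    # Match on the bare name so DOMAIN\name, .\name and name alone all hit.
    $short = ($acct -split '\\')[-1]

    # Scheduled tasks: Principal.UserId is the account the task runs as.
    Get-ScheduledTask | Where-Object {
        $_.Principal.UserId -and $_.Principal.UserId -like "*$short"
    } | ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Kind     = 'ScheduledTask'
            Name     = "$($_.TaskPath)$($_.TaskName)"
            RunsAs   = $_.Principal.UserId
        }
    }

    # Services: StartName holds the logon account for the service.
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.StartName -and $_.StartName -like "*$short"
    } | ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Kind     = 'Service'
            Name     = $_.Name
            RunsAs   = $_.StartName
        }
    }
} -ArgumentList $Account

# One row per dependency; keep this list with the rotation procedure and
# re-run it before each change to catch anything added since last time.
$inventory |
    Sort-Object Computer, Kind, Name |
    Select-Object Computer, Kind, Name, RunsAs |
    Format-Table -AutoSize
```

Devices that hold the account as their only login (switches, routers) and external systems such as WRKSVRAUTE entries are not visible from Windows and still need to be tracked by hand, as the reply describes.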
