Re: Password History Policy Question
On Jan 17, 2008, at 3:54 PM, John Hascall wrote:
> This is, indeed, a restriction. If you need more, you need to change
> the code and recompile, etc.[/color]
No code here. I'll have to use that as en excuse to get an exception.
> In any event, unless you also set a minimum password lifetime, you
> can't guarantee a no reuse in a year anyway (I could change my
> 12 times in 12 minutes).[/color]
I have that covered.
> I realize that these sorts of password rules are often externally
> but it's not clear to me (or many others) that they actually have a
> effect on security).
Let me know when you convince non-technical security auditors.