Why 42 Days


Pa55w0rd

Reviewing our domain security policy and wonder why Microsoft recommends
42 days as a "Maximum Password Age"?
 
"Pa55w0rd" . wrote in message
news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
> Reviewing our domain security policy and wonder why Microsoft recommends
> 42 days as a "Maximum Password Age"?


Because that's what the dice rolled?

Seriously, consider what your own password requirements are, and why aging
them will help or hinder your operation. Then figure out how you can best
achieve that, and at what stage passwords should become stale.

Also consider how many pitchforks and torches your users can assemble should
you set the aging period too low.

Alun.
~~~~
 
Alun Jones wrote:
> "Pa55w0rd" . wrote in message
> news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
>> Reviewing our domain security policy and wonder why Microsoft recommends
>> 42 days as a "Maximum Password Age"?

>
> Because that's what the dice rolled?
>
> Seriously, consider what your own password requirements are, and why aging
> them will help or hinder your operation. Then figure out how you can best
> achieve that, and at what stage passwords should become stale.
>
> Also consider how many pitchforks and torches your users can assemble should
> you set the aging period too low.
>
> Alun.
> ~~~~
>
>


Because 42 is the answer.
 
"Pa55w0rd" . wrote in message
news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
> Reviewing our domain security policy and wonder why Microsoft recommends
> 42 days as a "Maximum Password Age"?



Remember that current thinking at MS is not 42 days, if there is such
a thing as current thinking (instead of 27zillion different thoughts).

42 days is 6 weeks.
After you take into account that people get warned about the need to
change 2 weeks before the expiration, and most people will change
it then instead of dealing with dismissing a warning/offer at each login,
you end up with a one month password age before it gets changed.
Anything less and the pitchforks do indeed start to fly (at you), but
back then, MS was fairly new to the "get with the security awareness"
program, and evidently they felt that monthly passwords were about
as far as the curve could be pressed but wanted to seem aggressive
about forcing password changes.
In other words, whoever knows is probably well hidden in some
other area of MS product development now.

Roger
 
"Mostly Gizzards" <mostlygizzards@tehgmail.com> wrote in message
news:eHcrZSsBIHA.1188@TK2MSFTNGP04.phx.gbl...
> Alun Jones wrote:
>> "Pa55w0rd" . wrote in message
>> news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
>>> Reviewing our domain security policy and wonder why Microsoft recommends
>>> 42 days as a "Maximum Password Age"?

>>
>> Because that's what the dice rolled?
>>
>> Seriously, consider what your own password requirements are, and why
>> aging them will help or hinder your operation. Then figure out how you
>> can best achieve that, and at what stage passwords should become stale.
>>
>> Also consider how many pitchforks and torches your users can assemble
>> should you set the aging period too low.
>>
>> Alun.
>> ~~~~

>
> Because 42 is the answer.


so it is................
 
The answer to the ultimate question about life the....
hmmm did the universe change just now?

--
Good luck

Eric Denekamp
http://blogs.infosupport.com/ericd

=============================
"microsoft news" <geoffwin@SPAM.gmail.com> wrote in message
news:OP5DNi0BIHA.4568@TK2MSFTNGP02.phx.gbl...
>
> "Mostly Gizzards" <mostlygizzards@tehgmail.com> wrote in message
> news:eHcrZSsBIHA.1188@TK2MSFTNGP04.phx.gbl...
>> Alun Jones wrote:
>>> "Pa55w0rd" . wrote in message
>>> news:B877C298-B1F2-4DE0-B8A4-F379AAD01D19@microsoft.com...
>>>> Reviewing our domain security policy and wonder why Microsoft recommends
>>>> 42 days as a "Maximum Password Age"?
>>>
>>> Because that's what the dice rolled?
>>>
>>> Seriously, consider what your own password requirements are, and why
>>> aging them will help or hinder your operation. Then figure out how you
>>> can best achieve that, and at what stage passwords should become stale.
>>>
>>> Also consider how many pitchforks and torches your users can assemble
>>> should you set the aging period too low.
>>>
>>> Alun.
>>> ~~~~

>>
>> Because 42 is the answer.

>
> so it is................
>
 