1 - I read something several years ago about password policy and that decreasing pw reset times and increasing length and complexity had a sort of reverse effect because it led to people following a formula (switching characters around or incrementing numbers) or just being more prone to keeping them written down in unsafe places, and there was a theoretical point of diminishing returns. In your experience have you found anything that supports or refutes this notion?
2 - Key fobs and phone apps providing tokens for use in authentication - is this a real solution or a placebo? Is there a struggle with increased cost and effort to the IT team replacing and resetting due to the fob or phone being lost that might be keeping some orgs from adopting this or regretting making a move to this?
MyGrownUpLife 9 karma