System Value QPWDRQDDIF and


  • System Value QPWDRQDDIF and

    Thanks to an earlier discussion about the ANZDFTPWD, I was able to discover a disturbing number of users with the default password. And, I toughened up some security settings, I hope. I have a question, and would appreciate any feedback from anyone about the strategy I describe: I expired their passwords using the command. I also went back and reset system values QPWDRQDDIF to the highest (which I presume means a password equal to their user profile). My standard procedure for starting a new user profile is to take the CRTUSRPRF default of *USRPRF, with PWDEXP(*YES). Also, if a user forgets their password, I'll use CHGUSRPRF to change it back to the same as their user ID, and set their password to expired. That way, they don't have to tell ANYONE in the whole world, ever, what their actual password is. Finally to the question: Now that I've changed the QPWDRQDDIF to 32, will we security types still be able to get around forgotten passwords by resetting them to the default of user profile/expired using CHGUSRPRF, while users still won't be able to use it via the CHGPWD command for 32 more times? I think I'll get around the 33rd time by setting up a daily scheduled job that runs ANZDFTPWD and expires offending passwords. It's not perfect. Anyone know of a better way? Thanks!

  • #2
    That value only pertains to the chgpwd command. If you use the chgusrprf command you can make the password anything you want. (as far as I know anyway)
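
The reset-and-sweep procedure discussed in posts #1 and #2, written out as CL commands. This is an added example, not code from any poster; the profile names JSMITH and SECJOB and the job name DFTPWDCHK are hypothetical, and SECJOB is assumed to hold the *ALLOBJ and *SECADM special authorities that ANZDFTPWD requires.

```cl
/* Added example. JSMITH, SECJOB and DFTPWDCHK are hypothetical names.   */

/* QPWDRQDDIF holds a code, not a count: '1' means a new password must   */
/* differ from the previous 32 ('0' allows reuse, '8' checks the last 4). */
CHGSYSVAL SYSVAL(QPWDRQDDIF) VALUE('1')

/* Help-desk reset as described in post #1: password = profile name,     */
/* expired so the user must choose a new one at the next sign-on.        */
/* As post #2 states, the history check applies to CHGPWD, not to this.  */
CHGUSRPRF USRPRF(JSMITH) PASSWORD(JSMITH) PWDEXP(*YES)

/* Report only: print the profiles whose password equals the profile     */
/* name, without changing anything.                                      */
ANZDFTPWD ACTION(*NONE)

/* Daily sweep from post #1: expire every default password found.        */
/* FRQ(*WEEKLY) with SCDDAY(*ALL) runs the entry every day at 03:00.     */
/* ACTION(*DISABLE) also exists if the profile should be disabled.       */
ADDJOBSCDE JOB(DFTPWDCHK) +
           CMD(ANZDFTPWD ACTION(*PWDEXP)) +
           FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) +
           SCDTIME(0300) USER(SECJOB)
```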

    • #3
      Thanks! That's just what I was hoping to hear!

      • #4
        I also suggest you change QPWDEXPITV which sets the expiration interval for passwords. On our system it is set for 30, which means every month users must change their password. Regards, Jim Langston

        • #5
          Hi, again, Jim! Glad to see you're still visiting here! I was concerned about setting it to a shorter interval than they have for the NT server. Right now, the server's set at 90, I believe by corporate I.S. when they swept through and set us up nearly two years ago. I'll consult with their network director, to see what he thinks. Do you get many complaints?

          • #6
            Jamie, That seems like a pretty short interval. What are the benefits? Seems like that may encourage people to write down their passwords. I have to remember about 30 passwords for various systems. For that reason I developed a system for determining/setting passwords so that I wouldn't have to write down passwords, use the same password, or use the "remember password" check box. Most AS/400s I connect to vary off the device after three mistakes. Fortunately for me they also mostly give you another device if you reconnect. David Morris

            • #7
              Surprisingly enough, I didn't get a single complaint. When I was here 3 years ago there was no expiration level at all, passwords were basically kept the same indefinitely. I looked at it, thought it wasn't any good, and told the president that I was going to change it to 30 days, and he agreed. I did get a lot of calls from people asking me why they couldn't sign on, then I explained to them how to change their password on the screen that popped up and they did it. Really goes to show you how many people do not read the first screen or two that pop up, they just get used to hitting Enter and ignoring them. We have a fairly high turnover rate here, and 30 days is not unreasonable. Of course, most people just increment a number or such in their password to change it, but at least it's changed. And having a number in a password at least makes a reverse dictionary lookup worthless. A couple people asked me why we were doing this now, and I told them for security reasons, and they said ok. This company has gotten used to doing it now for 3+ years (I was gone for 2 of those years) and they seem to be content. Regards, Jim Langston

              • #8
                Well, for one, I can analyze passwords, and if I see a password has not been changed in 31 days, I know that person is out of here. It also tends to discourage password sharing. If someone gives you their password, next month it's going to be different, so you don't know it anymore. It also usually gets rid of common words, "cat", "dog", "car", etc. as passwords, as people have to change them so often, so they would become something like "cat1", "dog1", "car1", etc... which would make a reverse dictionary password breaker ineffective. I am only limiting duplicate passwords for the past 4 passwords, so they can duplicate them after that if they wish. I have yet to see anyone write down a password, except myself when some other site gives me one of those L2jo7HG type passwords. Security auditors love the password changing every 30 days. If someone forgets their password, they just call me and I set it back to their name and set it to expired and they change it to a new one again, so there is not much of a fear of them forgetting it and not being able to get back in. And enough people call me to have them reenable their account when they change their password that I feel not many are writing them down, if any. When I had originally set it for 30 days, I thought a lot of people would complain and I would wind up setting it to 60 or 90, but since no one did, I didn't. Regards, Jim Langston

                • #9
                  I'd be interested in hearing more about your system for determining/setting passwords, David. I'm already getting communication from my users who are concerned about the number of lock combinations and passwords they're juggling now. And, I'm being rough on them, but we're distributing VPN and people will be accessing our system from all over the world, in their travels. Maybe this is something I could share with them, as well (and MC would use in Tech Tips)?

                  • #10
                    Rebecca, I just came up with a set of values and then apply those values to the machine I will be connecting to. The values can be anything that makes sense for you. Some examples might be City, State, Company, Job, Boss, Color of carpet, etc. I don't think this has to be real complex, and even if I told you the exact values I use, you would have to know the order, how I arrive at the mnemonics, etc. So if the computer is in Columbia Falls Montana and owned by Plum Creek Timber and the job is programmer my password might be CMTPluPro. If a numeric value is required it could be CMTPlu776 (776=Pro on my phone). If the computer is at home and I am working for myself and I am security officer, it might be WMTSelSec or WMTSel732. David Morris

                    • #11
                      Good idea. I'm going to work on using a variation for myself before I try to teach it to end-users, etc. Thanks.

                      • #12
                        Actually, I do the same thing myself. I use a variation on a theme, and although all my passwords are different, I can remember them all. This is important to me, as at home I use the internet extensively, and have signed up for a myriad of pages. I may remember one a year later (usually when they send me an e-mail saying they haven't seen me in a year) and then have to remember the password I had created for them. There was one I couldn't remember my password for the life of me, until I finally realized it was my user name I wasn't doing correctly. Regards, Jim Langston
