Geekzone: technology news, blogs, forums
2566 posts

Uber Geek

  # 1605377 6-Aug-2016 12:05

Password expiry is only one aspect also; password reuse is the other biggie.

SWMBO is a teacher at a local primary with a 90 expiry with complexity requirements, but she's learned to simply swap between two as they have no reuse time limit.
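
The gap described in the post above (expiry and complexity enforced, but no reuse limit), as an added example that is not part of the original thread: a small Python model of password history combined with a minimum password age. The class names, sample passwords and policy values are constructed for illustration, and the example goes one step beyond the post by showing why a history count also needs a minimum age alongside it.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta
class PasswordPolicy:
    def __init__(self, history_depth, min_age_days):
        self.history_depth = history_depth           # passwords remembered, current included
        self.min_age = timedelta(days=min_age_days)  # wait required between changes

class Account:
    def __init__(self, policy, password, now):
        self.policy, self.changed_at = policy, now
        self.history = []                            # (salt, digest) pairs, newest last
        self._store(password)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _store(self, password):
        salt = os.urandom(16)
        self.history.append((salt, self._digest(password, salt)))
        self.history = self.history[-max(1, self.policy.history_depth):]  # keep current at least

    def change_password(self, new_password, now):
        if now - self.changed_at < self.policy.min_age:
            return "rejected: minimum age"
        for salt, digest in self.history:
            if hmac.compare_digest(digest, self._digest(new_password, salt)):
                return "rejected: reused"
        self._store(new_password)
        self.changed_at = now
        return "ok"

def swap_between_two(policy, cycles=4):
    """Alternate between two passwords at each 90-day expiry (the habit in the post)."""
    now = datetime(2016, 1, 1)
    acct = Account(policy, "Autumn-Tui-01", now)     # constructed sample passwords
    results = []
    for i in range(cycles):
        now += timedelta(days=90)
        results.append(acct.change_password(("Winter-Kea-02", "Autumn-Tui-01")[i % 2], now))
    return results

def flush_history_same_day(policy):
    """Change to throwaway passwords in one sitting, then try the old one again."""
    now = datetime(2016, 1, 1) + timedelta(days=90)
    acct = Account(policy, "Autumn-Tui-01", datetime(2016, 1, 1))
    for i in range(policy.history_depth):
        acct.change_password(f"Throwaway-{i}", now)
    return acct.change_password("Autumn-Tui-01", now)
```

With no history the alternation is accepted at every expiry; a history of two blocks it, and a one-day minimum age stops the history from being cycled out in a single sitting.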

451 posts

Ultimate Geek

Lifetime subscriber

  # 1605450 6-Aug-2016 14:22



... you are a school and not the GCSB ...
All the agencies I've worked for (2 in govt in NZ) have 90 day password expire dates which includes my current employer (1200 staff govt agency) so feel free to use that as precedence if you need.



The GCSB themselves recommend 90 days!


See The NZ Information Security Manual, Part 2, Chapter 16, paragraph 16.1.22.C.01 on page 345: "Agencies MUST ... ensure that passwords are changed at least every 90 days;"


1912 posts

Uber Geek

  # 1606352 8-Aug-2016 14:37
One person supports this post

I've seen both sides of this.


One company I worked at had strict pass reset (6 weeks) & pass complexity requirements. In the REAL WORLD, what happened is passwords simply were too complex & changed too often to be remembered by those who simply don't care.
So, what actually happens is, passwords get written on a scrap of paper & taped to the monitor. I've seen that, often.


So much for security, eh.
Security is also about managing people. Managing people is not just making rules.



I fix stuff!
1783 posts

Uber Geek


  # 1606390 8-Aug-2016 15:43

I would use 90 days for all passwords and 2FA for staff.



1256 posts

Uber Geek

  # 1606391 8-Aug-2016 15:45

The UK government’s National Technical Authority for Information Assurance advises organisations on how to protect their information and information systems. They say:


"...the conversation we've had with people all around the public sector hasn't been a happy one when it comes to passwords. When every system needs a different password, the complexity settings for each system are set high, and password changes are enforced frequently, the outcome is not better security... we've learnt about how trying to make passwords more secure means systems end up less secure. When we're overloaded with passwords, we all end up breaking the rules: we use the same passwords across different systems, we use coping strategies to make passwords more memorable (and thus more easily guessed), and we store passwords insecurely. Jokes about passwords on sticky notes underneath keyboards aren't jokes.


When we overload users with passwords, we also add cost. There's the cost of dealing with increased password resets and account lockouts, and by putting up barriers in the name of security, we reduce the functionality of systems, and make it harder for people to do their jobs.


...the result is that we're asking users to put in more work remembering complicated passwords, for no actual extra security benefit."


Their full advice on passwords is here: Password guidance: Simplifying your approach.

894 posts

Ultimate Geek

  # 1606402 8-Aug-2016 15:58

Thanks for all the replies. We are going to go 90 days for all staff; we just want to get self-service for forgotten passwords going beforehand to reduce the increased workload for the IT staff.


I don't think we will go 90 days for students, simply due to the problems with forgotten passwords; we go from year 0 to 13. Expecting 5-year-olds to remember a password change is a bit much (hard enough with 18-year-olds).


Can anyone think of any reason not to use MIM 2016 (Microsoft Identity Manager) rather than one of the other 3rd party options like ureset, activate, okta?  For those that have talked about the 3rd party options is there a reason your company went with what they did?




(Disclaimer: I am not in the IT department, I'm simply a teacher who is a staff representative on the IT team.)





1015 posts

Uber Geek


  # 1606414 8-Aug-2016 16:14





Can anyone think of any reason not to use MIM 2016 (Microsoft Identity Manager) rather than one of the other 3rd party options like ureset, activate, okta? For those that have talked about the 3rd party options is there a reason your company went with what they did?





We use Activate because of its wider feature set (User Provisioning & Folder, Mailbox & SharePoint user access). If you're just after password resets MIM looks like a good option.
