Answer the question
In order to leave comments, you need to log in
Is it possible to set a list of "incorrect" passwords for AD users?
Actually a subject. Light up a list of the 100 most popular passwords and prohibit them from being set to enter AD.
Answer the question
In order to leave comments, you need to log in
To do this, there is a policy of complexity and frequency of password changes.
nfire , the complexity of passwords is purely an organizational issue.
as a rule, in a normally organized IT service, the technical support service is responsible for changing user passwords, and let the user reset his password at least 100 times a day, filling out, of course, a reset request in the prescribed manner.
This will only give management food for thought on the topic "is everything in order with this employee."
In the end, you can describe all the dangers to the management by demonstrating the company databases on the Internet (including email addresses, and this is an increase in incoming spam).
Well, rest on the fact that in this case it will be necessary to make one, completely powerless user at all, so as not to give anyone extended rights, since one password of an advanced user, in this case, will walk throughout the company and lead to virus infection (or launching programs that are not viruses, but greatly interfere with the work of both users and the network / servers).
In general, intimidate the authorities :D by connecting all your experience, imagination, and google.
The main thing is not to overdo it.
Oh yes, don’t forget to tell about personal photos from connected smartphones :D which will definitely be stolen and posted on the Internet
My experience shows that simple and frequent passwords in general do not correlate much with the top 100.
Usually this is a derivative from a name (Manyunechka004, anatoliy18) or something personal (spartak5, pelevin18).
The more complex the requirements after a certain edge, the higher the probability of writing on the sheets. If sanctions are applied to the leaves, then only a small percentage remembers the password, the rest replace the leaf with a note on the phone or simply write in a diary.
In general, personal opinion - a password of 8 characters and a change once a month, you can not alternate. Of course, this is not about responsible areas, but usually users understand better there (glevbukhs now seem to me smarter than 5-7 years ago).
In the long term - a two-factor.
https://technet.microsoft.com/en-us/library/cc7708... - it will also be useful about granular password policies.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question