Posted by
Admin at
Toolbox sap-security
Reply from henrikmadsen on Jul 19 at 7:19 PM

The difference between the 30 and 5 days expiry depends... Are the passwords random, or are they well known to everyone in the company, such as Welcome@12 or <employeenumber>_123?

If they are random, I don't see the risk being significant, as it's really no different than any other password set by users themselves?

If they are "pre-defined", I would go with as short as possible, and then work on changing that process!

---------------Original Message---------------
From: MAK-SA
Sent: Wednesday, July 19, 2017 9:44 AM
Subject: Login/Password Max Idle Initial

Many thanks all of you for your valuable input. Actually we have all the controls in place, to mention a few:

- Complex password criteria
- Password must be changed at first logon
- Productive password must be changed after every 90 days
- Password history is enforced to a suitable number
- Initial password is sent to users in a confidential email

I was concerned about the validity of this initial password. Some recommend it should be 3 and some say it should be 5. I found this value is set as 30 in my Company. Before creating an Infrastructure Change Management ticket, I wanted to understand the benefit if we reduce it from 30 to 5, and if we keep it 30, what could be the risk.

So it is clear now that a longer validity period poses greater chances of misuse; a lesser validity period is much safer but it might increase the administrative tasks, because if an employee does not utilize the password in, say, 5 days, it will expire and then again he has to create a ticket for password reset.

Best Regards
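
The trade-off discussed in this thread can be measured before raising the change ticket. The following is an added example, not part of the original posts: it takes a user export and shows, for a 30-day and a 5-day setting, which unused initial passwords are still valid (exposure) and which would have expired (reset tickets). The export format, column names and sample rows are constructed assumptions, as is counting the boundary day as still valid.

```python
import csv
import io
from datetime import date

# Constructed sample export (not real data): one row per account whose
# password was set by an administrator. Column names are assumptions.
SAMPLE_EXPORT = """user,password_set_on,still_initial
ALICE,2017-07-17,yes
BOB,2017-07-10,yes
CAROL,2017-06-25,yes
DAVE,2017-06-01,yes
ERIN,2017-07-01,no
"""

def audit_initial_passwords(export_text, audit_date, max_idle_days):
    """Split unused initial passwords into still-usable and expired.

    max_idle_days models login/password_max_idle_initial: the number of
    days an administrator-set password stays valid before first use.
    Assumption: a password aged exactly max_idle_days is still valid.
    """
    usable, expired = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["still_initial"] != "yes":
            continue  # user already chose a productive password
        age = (audit_date - date.fromisoformat(row["password_set_on"])).days
        (usable if age <= max_idle_days else expired).append((row["user"], age))
    return usable, expired

def compare_settings(export_text, audit_date, settings=(30, 5)):
    """Return {setting: (usable_users, expired_users)} for each setting."""
    result = {}
    for days in settings:
        usable, expired = audit_initial_passwords(export_text, audit_date, days)
        result[days] = ([u for u, _ in usable], [u for u, _ in expired])
    return result

if __name__ == "__main__":
    report = compare_settings(SAMPLE_EXPORT, date(2017, 7, 19))
    for days, (usable, expired) in report.items():
        print(f"max idle {days:>2} days: still usable={usable} "
              f"would need reset ticket={expired}")
```

Run against a real export, the "still usable" list under the current setting is the set of accounts to review first, especially where initial passwords follow a pre-defined pattern.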