How do YOU handle passwords. We are looking at redoing the way we handle passwords and was wanting a little feed back from everyone else in the field. So if you could answer some of these questions and if you want to add more info that would be great. We are a law firm so we are a little different. We have Float Secretaries that need to work on different secured documnets on different days.
1. What is your policy on password retention? 90 days, 120 days?
2. How many times do they have to use a new password before they can use the one again. 3, 5, ?
3. What kind of combination do the have to have for a password? 5 letters 1 number, min 5 characters ?
4. What do you do about making sure the passwords are secure?
5.What do you do with Float Secretaries? Do they use the normal secretaries password, or do you set security equivalent rights?
6. Does the IS keep a password list in case that they have to work on the machines?
