"mallah.raj...@gmail.com" <mallah.raj...@gmail.com> wrote:
> > >Coming back to real issue,i have already initiated password policy >control. But i feel its not impossible for the enduser to somehow leak >the password, passwords are commonly >remembered by muas and possibility of virus and malware sniffing out >the passwords from end user can also not be ruled out. > > It actually can. I don't know your password policy, but I have noticed in over 25 years of working with computing that users will always try to find a way to adhere simply to a password policy.(e.g.: requirements for one capital letter, one number, and one punctuation mark in a 8-32 char length password will be met with something like "Password1!" - a capitalized dictionary word with a number one and exclamation mark.) The ybest policy is to require true randomness, have them write the password down legibly and keep it someplace like their wallet or something, and to make sure they aren't installing crapware on their computers - and if it happens again, change their passwords immediately. I have a more detailed explanation of how I handle my own passwords - I'll link when I'm not typing on my phone. :-) -Dennis -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
