RE: password complexity -- implementing security changes

  • From: "Reidy, Ron" <Ron.Reidy@xxxxxxxxxxxxxxxxxx>
  • To: <cemail_219@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 2 Mar 2006 15:43:17 -0700

You are correct.  Adding complexity will not lock an account.  Yes,
initial and reset passwords meet the complexity rules.

As for the application prompting them, I would assume the application
would need to notify them.  I produce a report that is mailed to the end
users when their database passwords are within 3 weeks of expire, and
then each week thereafter.  They can change their passwords when they
have the time.

--
Ron Reidy
Lead DBA
Array BioPharma, Inc.

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of J. Dex
Sent: Thursday, March 02, 2006 1:49 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: password complexity -- implementing security changes


I am wondering how other shops handle security changes relating to
password 
complexity.

We just implemented a lot of security features into our database
including 
password complexity.  The users login through an application.  Adding 
password complexity did not appear to lock out their accounts.  When
they 
try and login, though, with multiple attempts it finally does lock it.
Do 
most of you just give them a password initially that fits complexity and

tell them they have to change it?

I am still not even sure if the application is going to prompt them
after 90 
days to change the password or they will just start getting locked out.

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

--
//www.freelists.org/webpage/oracle-l



This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is 
intended 
to be for the use of the individual or entity named above. If you are not the 
intended recipient, please be aware that any disclosure, copying, distribution 
or use of the contents of this information is prohibited. Please notify the
sender  of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.

--
//www.freelists.org/webpage/oracle-l


Other related posts: