msmemory_archive | (no subject)

You're viewing

msmemory_archive's journal
Create a Dreamwidth Account Learn More

Reload page in style: site light

If you're going to implement a strong, mandatory, inconvenient policy, it would sure be a good idea to issue a memo, or an all-staff email, or post it on the intranet.

Having to have our IS guy visit each person in the whole site to explain that their computer was locked while they were in the restroom or at lunch, and it will lock itself after 15 minutes of inactivity henceforth, just stinks, for us and for the hapless IS guy. (It also lends itself to people choosing the shortest, weakest passwords they can get away with, if they have to log in several times a day.)

Flat | Top-Level Comments Only

From:

tashabear.livejournal.com

We have to do that in the military, except that we also have to use our ID cards to log in. We get to use a PIN, though.

It's lots of fun when you get to the gate in the morning and realize that you left your ID in your computer the previous night.

From:

learnedax.livejournal.com

You know, we also just started doing that, with no explanation at all. I wonder whether it's some new mis-feature that's being pushed by MS...

From:

msmemory.livejournal.com

I can live with the policy, though I dislike it. What pisses me off is that there was no notification. (Not even "And as of next Wednesday, if you're away from your desk for 15 minutes or more, your computer will automatically lock. Just provide your password, and all your applications will still be in the state you left them.")

From:

ilaine-dcmrn.livejournal.com

Wow, if we implemented something with that kind of customer impact with no notice our eyebrows would be singed back to our collarbones.

From:

cvirtue.livejournal.com

I'm not an infosec person, but it seems to me that if a company is going to have this sort of security paranoia, then 15 minutes is *too long.*

So as well as being annoying, stupidly implemented, etc, it may also be too lax to be useful.

From:

cellio

Our company has this policy, and you can't override the settings. My manager pointed out that they had just made his computer less secure; he had had it set at 5 minutes. Unfortunately, they didn't care. :-(

From:

hugh-mannity.livejournal.com

Yep. Ours is a mandatory 5 minutes. We have to change our passwords every 90 days and they have to be a minimum of 6 characters and include a number.

Fortunately I know enough SCAdians whose names I can mangle that I haven't run out of memorable passwords yet. In fact I haven't done with Carolingia ;)

From:

alexx-kay.livejournal.com

Our passwords have to be at least 8 characters, include At least three out of the four from the set [lowercase, uppercase, numbers, punctuation], not be 'too close' to anything the built-in automated program has in its dictionary, and can't be any of the last 25 passwords you used.

I hate password-changing day.

From:

corwyn-ap.livejournal.com

Why would you tell everyone at once? That way people can conspire to have the rule overthrown. By having people find out one at a time you spread the discontent around, and by the time a critical mass of people know, many will be resigned to it.