(no subject)

[msmemory_archive]

If you're going to implement a strong, mandatory, inconvenient policy, it would sure be a good idea to issue a memo, or an all-staff email, or post it on the intranet.

Having to have our IS guy visit each person in the whole site to explain that their computer was locked while they were in the restroom or at lunch, and it will lock itself after 15 minutes of inactivity henceforth, just stinks, for us and for the hapless IS guy. (It also lends itself to people choosing the shortest, weakest passwords they can get away with, if they have to log in several times a day.)

Comments

[tashabear.livejournal.com]

We have to do that in the military, except that we also have to use our ID cards to log in. We get to use a PIN, though.

It's lots of fun when you get to the gate in the morning and realize that you left your ID in your computer the previous night.

[learnedax.livejournal.com]

You know, we also just started doing that, with no explanation at all. I wonder whether it's some new mis-feature that's being pushed by MS...

[ilaine-dcmrn.livejournal.com]

Wow, if we implemented something with that kind of customer impact with no notice our eyebrows would be singed back to our collarbones.

[cvirtue.livejournal.com]

I'm not an infosec person, but it seems to me that if a company is going to have this sort of security paranoia, then 15 minutes is *too long.*

So as well as being annoying, stupidly implemented, etc, it may also be too lax to be useful.

[corwyn-ap.livejournal.com]

Why would you tell everyone at once? That way people can conspire to have the rule overthrown. By having people find out one at a time you spread the discontent around, and by the time a critical mass of people know, many will be resigned to it.

[n2mlq.livejournal.com]

Or you wind up like me, with good strong passwords, and I keep the auto-lock set for five minutes, three was just a little too short.