Comments on: Password paradox http://www.dancingmango.com/blog/2006/07/12/password-paradox/ For more than a decade Marc has been a passionate advocate of placing the customer at the heart of business, working with clients in finance, retail, government and entertainment sectors, helping them craft compelling cross channel customer experiences. Marc champions lean and agile approaches for making customer driven innovation happen. He brings design thinking and creativity to clients, engaging across the organisation with a focus on delivery as well as ideas. He is currently writing a book on Agile Experience Design to be published this Autumn. Sun, 25 Sep 2011 23:33:07 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Richard Schwartz http://www.dancingmango.com/blog/2006/07/12/password-paradox/comment-page-1/#comment-1649 Richard Schwartz Wed, 12 Jul 2006 17:59:57 +0000 http://www.dancingmango.com/blog/?p=61#comment-1649 You are entitled to think whatever you want about Lotus Notes, call it dreadful, etc. -- but please be aware that this is not the default behavior of the product. This was a choice made by the Notes administrators in your own organization. They have bought into the (foolish, IMHO) conventional wisdom that requiring frequent password changes and dis-allowing re-use improves security because it guarantees that any hole opened up will be closed within a short period of time. Lotus Notes allows this choice in order to accomodate the people who believe this, along with various other options for managing passwords -- including requiring no changes at all, ever. I have had the same password for Lotus Notes for 13 years now. Of course, it helps that I am the administrator, so I set the policies. So anyhow in this case your argument is really with your own company's policies, not with the product. -rhs You are entitled to think whatever you want about Lotus Notes, call it dreadful, etc. — but please be aware that this is not the default behavior of the product. This was a choice made by the Notes administrators in your own organization. They have bought into the (foolish, IMHO) conventional wisdom that requiring frequent password changes and dis-allowing re-use improves security because it guarantees that any hole opened up will be closed within a short period of time. Lotus Notes allows this choice in order to accomodate the people who believe this, along with various other options for managing passwords — including requiring no changes at all, ever. I have had the same password for Lotus Notes for 13 years now. Of course, it helps that I am the administrator, so I set the policies. So anyhow in this case your argument is really with your own company’s policies, not with the product.

-rhs

]]>