Some organisations have a security policy under which an account is locked after three failed authentication attempts (requiring manual unlocking by an IT support person). The goal is to strengthen security, but this actually decreases the security of the organisation.
Posts Tagged ‘policy’
4 Apr
Massey University: out of touch with the real world
A policy on passwords like the one that Massey University has is worse than no policy at all. Of course, when I was there, they forced students to have a four-digit number as their password, despite the fact that doing so violated their own policy, so I guess it’s expected that this will be ignored. Particularly bad [...]

