note
lindex
Well the last ISP I worked for maintained a pretty simple<br>
policy for passwords that worked out well.<br>
We randomly generated them all and never stored them.<br>
Sure the users didnt like weird long passwords but they never<br>
complained much after we explained to them how much that improves security.<br>
so its easy:<br>
<ul>
<li>Randomly generated a password on account creation</li>
<li>If password is lost, match secret phrase (mother maiden name, etc ..)<br>
and reset it with another randomly genereated password.
<li>Make sure have a explanation on your page as to why you password policy is secure.
</ul>
<br><br><br><center>
<a href="/index.pl?node=lindex&lastnode_id=1072">lindex</a>
<CODE>
/****************************/
jason@gost.net, wh@ckz.org
http://jason.gost.net
/*****************************/
</CODE>
</center>
27752
27752