AD and enforced password policies

Måns Nilsson mansaxel at
Tue Jan 3 13:43:55 UTC 2012

Subject: Re: AD and enforced password policies
Date: Tue, Jan 03, 2012 at 05:31:12AM -0800
Quoting Michael Thomas (mike at
> For most need-to-join sites, I think this is a pretty reasonable solution. Maybe
> not for, oh say, financial sites where password recovery is a little bit scarier,
> but for the run of the mill app/site... it seems that this solution at least
> solves the domino problem.

There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you log in without at least a client
certificate and password/PIN code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-PIN
cards as a certificate carrier, and combine it with a reader device to
manage PIN code entry.

Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Hello?  Enema Bondage?  I'm calling because I want to be happy, I guess ...