Tracking User Passwords
It’s been a long time since this came up, but with all the remote access changes in the last few weeks, the topic of who knows the users’ passwords has come back to the top of our clients’ minds.
We don’t track your users’ passwords. We never have, we don’t now, and we don’t see this changing in the near future. There are a couple of very good reasons.
A user can choose to change his or her password any time he or she wishes. We cannot see a user’s password anyway, so we would have no way to know what it was changed to.
In fact, when we setup a new user, we send a temporary password. As soon as the user logs in for the first time, he or she is prompted to change the password right away. You’ve probably run into this when you’ve been given a temporary password for a website login; same idea. This provides safety for you and for your user. No one has the new password except the user.
We can change a password for any user, any time you need this done. If a user’s account has been compromised, or the computer is lost, we can change the password right away. If the user is leaving your company or you’ve released the individual, we can change the password.
One other thought—we recommend requiring users to change their passwords every 90 days. We know that many people use the same password on other sites. Requiring a change every 90 days limits the risk of compromised passwords in your environment.
When it comes to the users’ login and passwords, we do not and cannot track their passwords. A user can change his or her password any time he or she wishes. We can change their passwords any time you wish!—CMW