Originally Posted by SpaceBass
Join the club!
Mrs. SpaceBass thinks I'm a freak... "why do I have to change my password every 90 days? and why does it have to be so complex?"
I'll have to graciously disagree with you on this point. I think it's a very bad idea to enforce semi-regular (e.g., less than every 6 months) password changes! In my experience, doing so causes people to pick LESS secure passwords and then do stupid things like write them down in their wallet since they can't remember the new passwords that they have to keep changing. What's the point anyways? If someone's broken into an account, having the password changed a month later is not going to alleviate that security breach. I'm a fan of enforcing complex (but reasonable) passwords and not requiring changes more than every 6 months or so. I've had semi-heated discussions with IT folks more than once about this.
I remember the last company I was at that required this I ended up just changing my (fairly secure) password by one digit each change cycle. Easy to remember for me, no chance of dictionary attack, and no need to store it elsewhere or re-memorize it.
Edit: This is also a principle thing for people remembering/writing passwords in general. I have a very odd memory; I have a very bad memory for names and faces, but have asbolutely no problem remembering tons of passwords, email addreses, and IP addresses. I can probably come up with several dozen IP addresses for current and past servers, routers, and switches off the top of my head... but completely forget someone who I just met an hour ago.
Originally Posted by SpaceBass
I use 64 bit passwords on my wireless APs...
This works fine at home (I just use WPA2 Personal myself), but I would absolutely not trust wireless security on a corporate network. As far as I am concerned, a corporate wireless network should be completely open, but ONLY allow access to the VPN server. Then everyone should have to VPN in via a theoretically more-cryptographically-secure VPN client to gain access to the actual network.
<-- Very paranoid!
(And perhaps rightfully so. I've been hit by a total of one piece of malware in my years of computing; a fairly harmless Mac OS 7 virus when I was 10 or so. All it did was speak something strange via the horrible speech synthesis at the time when you booted up.
)