Texas Al wrote:It might be a good idea, but it is none of Intuit's business what our password policy is. Anybody that can bypass our network login security can surely bust the QB password also. It is not necessary.
But it is your clients' business. While QB desktop company files have a reputation for being "crackable", how do you know that Intuit hasn't beefed up the encryption level along with the password requirements? Also, your comment completely ignores that fact that for your garden-variety disgruntled employee or other low-level hacker, a company file without a password is much more vulnerable than one with a password, regardless of whether the password can be defeated. So yes, it is necessary.
What isn't necessary, and as previously discussed does not seem to apply in most cases under the new software patch, are required password changes.
Per Bruce Schneier, security expert,
"
I've been saying for years that requiring frequent password changes is bad security advice, that it encourages poor passwords. Lorrie Cranor, now the FTC's chief technologist, agrees:http://arstechnica.com/security/2016/08 ... gist-says/"