This checklist is a great idea.

But, it could be simplified for non-computer administrators/gurus.
For example: (Why shouldn't I run as Administrator?) is great for someone who is skeptical and wants to know why before following someone else's advice. But for the novice who is willing to believe and just needs to be told how, how about a quick cookbook approach: (How do I tell if I'm running as Administrator?) - with a short 25 words or less explanation; (How do I set up a non Administrator ID?); (How do I run as RUNAS?) - again a short explanation would be good.

Regarding (What are some rules for good passwords?), I think someone spends too much time figuring out what not to do in passwords. For example Dictionary Words, Proper Nouns, or Foreign Words, and Personal Information can be used safely if more than 1 are used combined with numbers or special characters in a unique way. These kind will only be deciphered with brute force anyway - and will be more easily remembered without having to write them down. Writing down a very complex "approved" password would be more risky.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/220/25102#25102