Security Basics mailing list archives
RE: Password changes more than once per day
From: Gene LeDuc <Gene.LeDuc () tns-md com>
Date: Wed, 11 Feb 2004 15:00:10 -0500
The help desk should be able to override the minimum-age setting for situations like this. -----Original Message----- From: bsec () cotse net [mailto:bsec () cotse net] Sent: Tuesday, February 10, 2004 4:28 PM To: bob_kelley_jr () yahoo com Cc: security-basics () securityfocus com Subject: Re: Password changes more than once per day As several people have already pointed out, requiring users to wait a period of time prevents/discourages password re-use; however, by not allowing users to change their passwords immediately could also have the negative side effect of allowing weak passwords to exist on one's system. Consider the situation if while a user was entering a new password someone watched them type their new password (i.e. shoulder surfed), the account would be vulnerable until the user was allowed to change their password again. --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Password changes more than once per day Bob Kelley (Feb 10)
- Re: Password changes more than once per day Charlie Fraser (Feb 10)
- Re: Password changes more than once per day bauchi (Feb 10)
- RE: Password changes more than once per day Joey Peloquin (Feb 10)
- <Possible follow-ups>
- RE: Password changes more than once per day Pamela Gott (Feb 10)
- RE: Password changes more than once per day Gene LeDuc (Feb 10)
- RE: Password changes more than once per day Josh Mills (Feb 11)
- Re: Password changes more than once per day bsec (Feb 11)
- RE: Password changes more than once per day Gene LeDuc (Feb 12)