Educause Security Discussion mailing list archives

Re: Password aging

From: Scott Bradner <sob () HARVARD EDU>
Date: Wed, 7 Jan 2004 19:43:37 -0500

I'm trying to get a sense on how many have a university-wide Password Policy


not here at Harvard (many many different systems)
just installed (today) a quite restrictive password checker on the
core university PIN system

Second, do any have a password aging rule?


latest research I've seen (see for example the new edition of the
Bellovin firewalls book) says that forced password aging reduces
not increaces security - i.e. its a bad idea

Scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Password aging Seruya, Stewart (Jan 07)
- <Possible follow-ups>
- Re: Password aging Scott Bradner (Jan 07)
- Re: Password aging Gary Dobbins (Jan 07)
- Re: Password aging Tim Lane (Jan 07)
- Re: Password aging Brian Reilly (Jan 07)
- Re: Password aging Theresa M Rowe (Jan 08)
- Re: Password aging Jane Drews (Jan 08)
- Re: Password aging Paul Younker (Jan 08)
- Re: Password aging Dick Jacobson (Jan 08)
- Re: Password aging Paul Russell (Jan 08)
- Re: Password aging Jenny Gluck (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)

(Thread continues...)