Educause Security Discussion mailing list archives

Re: passworded screen savers with timeouts, why?

From: Bob Kehr <rskehr () UCDAVIS EDU>
Date: Thu, 14 Dec 2006 14:49:51 -0800

We, too, have this policy. It can be a hard sell.

Out of curiosity, what is your prescribed time of inactivity before the
screensaver engages? What environments is it used in (including faculty
offices?)?

-Bob

-----Original Message-----
From: Chris Green [mailto:cmgreen () UAB EDU]
Sent: Thursday, December 14, 2006 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] passworded screen savers with timeouts, why?

I'm assuming by timeouts you mean the screensaver engages after N
minutes of inactivity.
The reason is to tie the user's logged in state to their actual
identity.  If someone walks away, someone can now do activity under the
user's account.

An example I use here:  If you're logged into our ERP application, you
can do self-service payroll adjustment.  Wouldn't you hate if someone
just sat down and changed YOUR direct deposit to THEIR account?

Since people tend to use multiple applications, I try to use the
workstation as the place to do locking so people don't have to then get
into the other 4 applications that have timed out since they went to
lunch.

That said, it's still a very hard sell in some areas.

-----Original Message-----
From: Michael Fox [mailto:Mfox () GEORGIASOUTHERN EDU]
Sent: Thursday, December 14, 2006 3:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] passworded screen savers with timeouts, why?

 We are in the implementation stage of password and workstation
policies. My questions, which comes from a number of users, is why a
screen saver with a timeout period that requires entering a password
when unlocking the screen saver?

I have my answers (not a lot) for this but I would like to see what
others would have to say about this. It is part of a DID from my
perspective, but  not the only piece for the workstation.

Any opinions about this one way or another would be appreciated
(hopefully most would be for locking the workstation).

Oh, by the way we are doing this with Novell Zenworks.

Thanks in advance,

Mike

Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

Current thread:

passworded screen savers with timeouts, why? Michael Fox (Dec 14)
- <Possible follow-ups>
- Re: passworded screen savers with timeouts, why? Selden E Ball Jr (Dec 14)
- Re: passworded screen savers with timeouts, why? Chris Green (Dec 14)
- Re: passworded screen savers with timeouts, why? Bob Kehr (Dec 14)
- Re: passworded screen savers with timeouts, why? Bruce Curtis (Dec 14)
- Re: passworded screen savers with timeouts, why? Chris Green (Dec 14)
- Re: passworded screen savers with timeouts, why? Jim Dillon (Dec 15)
- Re: passworded screen savers with timeouts, why? Valdis Kletnieks (Dec 15)
- Re: passworded screen savers with timeouts, why? Waller, Michael A. (HSC) (Dec 15)
- Re: passworded screen savers with timeouts, why? Geoffrey S. Nathan (Dec 15)