Educause Security Discussion mailing list archives

Re: Account Lockout Settings


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 27 Apr 2010 14:32:43 -0500

At 02:25 PM 4/27/2010, Rivers, Andrew E put fingers to keyboard and wrote:
> As our users change their password, it never fails that at least one
> of these many devices will continue to authenticate with the old
> password and, as you guessed, lock out their account.

Our group advocates the use of lockouts that expire after some point
of time.  Lockouts that don't expire can just be used as a denial
of service attack.



--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 467-6437   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
