Educause Security Discussion mailing list archives

Re: Current Best Practice regarding Password Change policy


From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Fri, 24 Sep 2010 07:08:35 -0700

Barb mentioned:

#We currently require all, Students, Faculty and Staff, to change passwords
#every 90 days and we are enforcing unique passwords (no repeats). This is
#a relatively new requirement here and we are getting a lot of push back on
#the change.  I'd like to get a feel for what people accept as current best
#practice for password change intervals and other related policies, and
#also, if it is different than the best practice what people are actually
#doing (if you wish to share that :-)

I think I've previously mentioned this resource, but FWIW, you're welcome
to see the password talk I did for the Northwest Academic Computing 
Consortium a year or so ago:

   "Passwords"
   http://darkwing.uoregon.edu/~joe/passwords/passwords.pdf

I discuss password changes a bit in section 4 at pages 59-66.

Regards,

Joe St Sauver (joe () oregon uoregon edu)
http://darkwing.uoregon.edu/~joe/

