Educause Security Discussion mailing list archives
Re: Current Best Practice regarding Password Change policy
From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Fri, 24 Sep 2010 07:08:35 -0700
Barb mentioned: #We currently require all, Students, Faculty and Staff, to change passwords #every 90 days and we are enforcing unique passwords (no repeats). This is #a relatively new requirement here and we are getting a lot of push back on #the change. I'd like to get a feel for what people accept as current best #practice for password change intervals and other related policies, and #also, if it is different than the best practice what people are actually #doing (if you wish to share that :-) I think I've previously mentioned this resource, but FWIW, you're welcome to see the password talk I did for the Northwest Academic Computing Consortium a year or so ago: "Passwords" http://darkwing.uoregon.edu/~joe/passwords/passwords.pdf I discuss password changes a bit in section 4 at pages 59-66. Regards, Joe St Sauver (joe () oregon uoregon edu) http://darkwing.uoregon.edu/~joe/
Current thread:
- Re: Current Best Practice regarding Password Change policy, (continued)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy Roger Safian (Sep 24)
- Re: Current Best Practice regarding Password Change policy Valdis Kletnieks (Sep 24)
- Re: Current Best Practice regarding Password Change policy Bob Bayn (Sep 24)
- Re: Current Best Practice regarding Password Change policy Harry E Flowers (flowers) (Sep 24)
- Message not available
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy Roger Safian (Sep 24)
- Re: Current Best Practice regarding Password Change policy Cal Frye (Sep 24)
- Re: Current Best Practice regarding Password Change policy Hugh Burley (Sep 24)
- Re: Current Best Practice regarding Password Change policy Joe St Sauver (Sep 24)
- Re: Current Best Practice regarding Password Change policy James Farr '05 (Sep 24)
- Re: Current Best Practice regarding Password Change policy Barbara Deschapelles (Sep 25)