Educause Security Discussion mailing list archives
Re: Current Best Practice regarding Password Change policy
From: Jason Testart <jatestart () UWATERLOO CA>
Date: Fri, 24 Sep 2010 10:33:07 -0400
On 9/24/2010 8:52 AM, Valdis Kletnieks wrote:
(Anybody want to publicly admit they were able to sell the auditors on what Spaf said, and managed to eliminate mandatory changes?)
We are about to introduce mandatory password changes here, after a recent audit. The Spaf arguments didn't fly with our auditors, so the best I could do is set a standard of a year by default, and 126 or so days (one academic term) for more sensitive areas. That's what we're going to do.
The way I see it: Compliance 1, Security 0
Current thread:
- Re: Current Best Practice regarding Password Change policy, (continued)
- Re: Current Best Practice regarding Password Change policy Koski, David (Sep 24)
- Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
- Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
- Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
- Re: Current Best Practice regarding Password Change policy Dexter Caldwell (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy Dexter Caldwell (Sep 24)
- Re: Current Best Practice regarding Password Change policy Joel Rosenblatt (Sep 24)
- Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
- Re: Current Best Practice regarding Password Change policy Joel Rosenblatt (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
- Re: Current Best Practice regarding Password Change policy Conor McGrath (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy charlie derr (Sep 24)