Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password aging

From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Wed, 7 Jan 2004 20:16:50 -0500
Stewart,

We have a university-wide password standard (online at
http://security.georgetown.edu/passwords.html), which was essentially
enabled by our information security policy.  We currently do not require
password aging as a part of our password guidelines, but certain systems
do require it.  We may opt to require password aging in the future, but as
Scott commented (and similar to routine forced password changes), one can
make a case that it has a negative effect on password strength.

--Brian

______________________________________________
Brian Reilly, CISSP
University Network Security Officer
Georgetown University, UIS
<reillyb () georgetown edu>
+1 202.687.2775

On Wed, 7 Jan 2004, Seruya, Stewart wrote:


I'm trying to get a sense on how many have a university-wide Password
policy.  Second, do any have a password aging rule?

Your input is appreciated.

Stewart Seruya
University of Miami

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: