Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password aging

From: Paul Younker <Paul.Younker () GREENVILLE EDU>
Date: Thu, 8 Jan 2004 10:35:59 -0600
We eliminated password aging 2-3 years ago because we also had
determined that forced password changes reduce rather than enhance
security. We found that many faculty had their password written down,
several in clear sight. Also, most passwords became a simple word
followed by a sequence number that the user would increment whenever
they were forced to change passwords. We now encourage much stronger
passwords that aren't forced to change and are determining at what level
we want to enforce password strength.
 
Paul Younker 
Associate Director of Information Technology 
Greenville College 
Greenville, IL 

618.664.7072 
618.664.7080 fax 
paul.younker () greenville edu 

I may not have gone where I intended to go, but I think I have ended up
where I intended to be. - Douglas Adams 

-----Original Message-----
From: Seruya, Stewart [mailto:stewart () MIAMI EDU] 
Sent: Wednesday, January 07, 2004 6:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password aging



I'm trying to get a sense on how many have a university-wide Password
policy.  Second, do any have a password aging rule?  

Your input is appreciated.  

Stewart Seruya

University of Miami

********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: