Educause Security Discussion mailing list archives
Re: Password aging
From: "David L. Wasley" <david.wasley () UCOP EDU>
Date: Wed, 14 Jan 2004 10:03:54 -0800
Yes - the mole scenario. Assuming the use never looks at the access log file they might never notice. However - how did the mole learn the passwd in the first place? If you make the assumption that the only way a mole could have gotten the password is overtly from the user sharing it, then I don't think requiring periodic changes adds anything to the security. Requiring changes whenever the password -is- given to someone else is another matter. Thanks, David ----- At 11:39 AM -0600 on 1/14/04, Craig W. Drake wrote:
David, The rationale that I see is in the situation where an attacker learns the password of someone's account but that user never actually knows that their account has been compromised. By requiring that a user change his/her password periodically, an attacker will not have "permanent" access to that account. And actually, I do believe that people should change their ATM PINs periodically. Craig W. Drake, MCSE Windows Server Systems Administrator Networking and Distributed Services Northeastern Illinois University
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password aging, (continued)
- Re: Password aging Eoghan Casey (Jan 10)
- Re: Password aging Jim Moore (Jan 13)
- Re: Password aging Steve Worona (Jan 13)
- Re: Password aging Gary Flynn (Jan 13)
- Re: Password aging Jim Moore (Jan 14)
- Re: Password aging Steve Worona (Jan 14)
- Re: Password aging David L. Wasley (Jan 14)
- Re: Password aging Craig W. Drake (Jan 14)
- Re: Password aging Gary Dobbins (Jan 14)
- Re: Password aging Jere Retzer (Jan 14)
- Re: Password aging David L. Wasley (Jan 14)
- Re: Password aging Angel L Cruz (Jan 14)
- Re: Password aging Gary Dobbins (Jan 14)
- Re: Password aging David L. Wasley (Jan 14)
- Re: Password aging Tim Lane (Jan 14)
- Re: Password aging Gary Flynn (Jan 14)
- Re: Password aging Dave Koontz (Jan 14)
- Re: Password aging Cal Frye (Jan 15)
- Re: Password aging Gary Dobbins (Jan 15)
- Re: Password aging Dennis Maloney (Jan 16)
- Re: Password aging Gordon D. Wishon (Jan 17)