Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Cracking & Consequences

From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Thu, 26 Aug 2004 16:27:18 -0500
I don't think I'd ever crack it to help them remember.  If they've
fogotten, reset it to something else.  IMHO, cracking is to improve
security. 
 
Ditto on the comment about hackers are already doing it.
 
Bryan Lucas
Lead Server Administrator
Texas Christian University
(817) 257-6971

        -----Original Message-----
        From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of CAROLE CARMODY
        Sent: Thursday, August 26, 2004 3:30 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: Re: [SECURITY] Password Cracking & Consequences
        
        

        What would be the circumstances under which IT would "crack" a
faculty member's password. Unless there is a violation of the acceptable
use policy or is it that the individual forgets the password?

        Carole Carmody 
        Bloomfield College 

        -----Original Message----- 
        From: Sweeny, Jonny [mailto:jsweeny () INDIANA EDU] 
        Sent: Thursday, August 26, 2004 4:25 PM 
        To: SECURITY () LISTSERV EDUCAUSE EDU 
        Subject: Re: [SECURITY] Password Cracking & Consequences 

        Do IT departments commonly try to crack their users' passwords? 

        That's surprising/scary news to me... 

        ~Jonny 

        -----Original Message----- 
        From: The EDUCAUSE Security Discussion Group Listserv 
        [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason
Brooks 
        Sent: Thursday, August 26, 2004 3:01 PM 
        To: SECURITY () LISTSERV EDUCAUSE EDU 
        Subject: [SECURITY] Password Cracking & Consequences 

        We are looking for any advice on the consequences other
institutions 
        impose 
        on faculty and staff when their password is cracked by IT.  For 
        instance, is 
        it a zero-tolerance system where your password is automatically
reset 
        and 
        you must show up at the Helpdesk to have it reset?  Or, is it a 
        graduated 
        series of consequences, a la "Three Strikes and You're Out,"
e.g., 
        disciplinary action, network restrictions, etc.  Any other 
        configurations? 

        Anything anyone could provide would be helpful.  Trying not to
reinvent 
        the 
        wheel! 

        Jason Brooks 

        Jason Brooks 
        Information Security Technician 
        Longwood University 
        201 High Street 
        Farmville, VA 23909 
        (434) 395-2034 
        mailto:brooksje () longwood edu 

        ********** 
        Participation and subscription information for this EDUCAUSE
Discussion 
        Group discussion list can be found at
http://www.educause.edu/cg/. 

        ********** 
        Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

        ********** Participation and subscription information for this
EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: