Re: Password Cracking & Consequences

[Stephen Bernard <sbernard () GMU EDU>]

Sweeny, Jonny wrote:
> Do IT departments commonly try to crack their users' passwords?
>
> That's surprising/scary news to me...
>
> ~Jonny
>
> -----Original Message-----
> From: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Brooks
> Sent: Thursday, August 26, 2004 3:01 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Password Cracking & Consequences
>
> We are looking for any advice on the consequences other institutions
> impose
> on faculty and staff when their password is cracked by IT.  For
> instance, is
> it a zero-tolerance system where your password is automatically reset
> and
> you must show up at the Helpdesk to have it reset?  Or, is it a
> graduated
> series of consequences, a la "Three Strikes and You're Out,"  e.g.,
> disciplinary action, network restrictions, etc.  Any other
> configurations?
>
> Anything anyone could provide would be helpful.  Trying not to reinvent
> the
> wheel!
>
> Jason Brooks
>
> Jason Brooks
> Information Security Technician
> Longwood University
> 201 High Street
> Farmville, VA 23909
> (434) 395-2034
> mailto:brooksje () longwood edu
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/cg/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/cg/.


If I may translate, I believe that Jason is asking, "What
restrictions/ramifications are imposed by the IT department on faculty
and staff who don't set strong passwords, leading to "their" computer
being compromised."

Did I get this right Jason?


Regards,

Steve Bernard
George Mason University
Fairfax, Virginia

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.