Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Cracking & Consequences

From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Fri, 27 Aug 2004 11:06:40 -0400
Michael Mills wrote:


Or another scenario, a staff/faculty
member is identified to have attempted to access areas he/she does not have
access to, so the university decides to let this person go.  That person
gets a lawyer and charges that on a regular basis the IT staff "cracks"
their passwords and because of that how can it be proved 100% that that
person is the guilty party?  I wouldn't want to be part of that lawsuit.





I think you are missing the point.  The IT staff, being that they *are*
the IT staff would already have access to anyones account.  A weak
password audit has nothing to do with anyone having access to their
account.  The whole point is to *prevent* unauthorized access.
Attempting to crack a users password does nothing but ensure that the
password is secure.

--
-- Justin Azoff
-- Network Performance Analyst

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: