Educause Security Discussion mailing list archives

Re: Password expiration Process ?


From: Theresa Semmens <theresa.semmens () NDSU EDU>
Date: Fri, 7 Apr 2006 12:15:32 -0500

To everyone who responded to my queries - thank you much for all of your
input, it has been very thoughtful and helpful.

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and
looks like work."  Thomas Edison


-----Original Message-----
From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU]
Sent: Friday, April 07, 2006 12:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password expiration Process ?

Thank you.  Good point made.

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and
looks like work."  Thomas Edison


-----Original Message-----
From: Cal Frye [mailto:cjf () CALFRYE COM]
Sent: Friday, April 07, 2006 9:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password expiration Process ?

I only have tangential comments to add...
122 days is closer to 1/3 year; other intervals will creep around the
calendar a bit more. We wanted to avoid having password expiration coincide
with semester start/end and other hectic times.

Expiring passwords has one benefit not mentioned yet:
Account access granted by passing a post-it note to a colleague never
expires as quickly as we would like. Without password expiration at all,
these things tend to accumulate. I know user education is the proper answer,
but some of them refuse ;-)

--Cal Frye, Network Administrator, Oberlin College
   www.calfrye.com, www.pitalabs.com, www.ouuf.org

  "Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
--Paulo Freire, educator (1921-1997).


Kenneth G. Arnold wrote:
Our passwords expire every 120 days.  The user receives the following
email warnings:
1-Between 29 and 30 days before expiration
2-Between 13 and 14 days before expiration
3-Every day starting at 7 days before expiration until the password expires.

The account expiration of the approximately 3000 accounts was initially
spread over a period of a month so that the password expirations would
not all take place on the same day.  We have no system in place to reset
the password based on answering questions only the user should know.  I
considered putting something into SCT Banner Web to allow a user to
initiate a password reset but since Banner Web will eventually be
accessed here inside a portal with Single Sign On it didn't make sense
to do this since once SSO was initiated the user would probably not
remember their Banner Web PIN.


Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333
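
The warning schedule and staggered rollout described in the last message above, as an added example that is not part of the original thread or any poster's code. It assumes a once-daily job, a 30-day stagger window, and a username hash as the way to spread initial expirations; the function names and dates are constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=120)   # expiry interval from the post
STAGGER_DAYS = 30               # "a period of a month" (assumed to be 30 days)
DAY = timedelta(days=1)

def warning_due(expires_at, now):
    """Label of the warning a once-daily job run at `now` should send, or None."""
    days_left = (expires_at - now) / DAY
    if days_left <= 0:
        return None                 # already expired, nothing to warn about
    if 29 <= days_left < 30:        # half-open, one day wide: fires exactly once
        return "30-day"
    if 13 <= days_left < 14:
        return "14-day"
    if days_left <= 7:              # every run during the final week
        return "daily"
    return None

def initial_expiry(username, rollout_start):
    """First expiry date, offset 0..29 days by a hash of the username (assumed method)."""
    digest = hashlib.sha256(username.lower().encode()).digest()
    offset = int.from_bytes(digest[:4], "big") % STAGGER_DAYS
    return rollout_start + MAX_AGE + offset * DAY

def warnings_for(expires_at, first_run):
    """Replay the daily job from `first_run` until expiry; return (date, label) pairs."""
    sent, now = [], first_run
    while now < expires_at:
        label = warning_due(expires_at, now)
        if label:
            sent.append((now.date(), label))
        now += DAY
    return sent

if __name__ == "__main__":
    start = datetime(2006, 4, 7, 6, 0)   # constructed rollout date, job runs at 06:00
    for date, label in warnings_for(start + MAX_AGE + timedelta(hours=6), start):
        print(date, label)
```

Because the 30-day and 14-day windows are half-open and exactly one day wide, a job that runs at the same time each day sends each of those notices once, whatever time of day the password expires.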

