Educause Security Discussion mailing list archives

Re: Password policy


From: Harold Winshel <winshel () CAMDEN RUTGERS EDU>
Date: Wed, 1 Nov 2006 21:59:42 -0500

A growing number of our users have laptop PCs.

Our concern is protecting the data when the thief has physical
possession of the computer.

At 09:30 PM 11/1/2006, Jeff Kell wrote:
Geoff Nathan wrote:
>
> But seriously, who's going to try to break into Professor Snerdwell's
> e-mail account with a dictionary attack?  And unless we're worried
> about month-long sustained attacks, frequent password changes are just
> annoying without buying additional security.  Making people change
> their passwords every ninety days doesn't teach good computer hygiene,
> it annoys them and confirms their impression that the IT people have
> nothing better to do.

Hear, hear!

Hackers don't crack passwords anymore, they simply present a
socially-engineered URL for the already-authenticated user to click on
for a drive-by install of the backdoor/keylogger of his choice.

Jeff

Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B10 Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)
