Educause Security Discussion mailing list archives
Re: Don't Display Last Username??
From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 11 Oct 2007 17:30:15 -0400
Jarrod Millman wrote:
On 10/11/07, Gibson, Nathan J. (HSC) <Nathan-Gibson () ouhsc edu> wrote:Every " security best practices" document I have read suggests enabling this setting on the domain, however I need to justify it. I have a list that has some good points but I wanted to see the justification other security practitioners have for their organization.I think the main reason is that to gain access to most computers requires at least two things: 1) a login name and 2) a password. If a computer displays the last user's login, then one of the two pieces of information needed to gain access is exposed.
This assumes your usernames are not easily guessed. But if there is likely to be a "jsmith" somewhere on campus... -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "I am not blaming those who are resolved to rule, only those who show an even greater readiness to submit." --Thucydides.
Current thread:
- Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)