Educause Security Discussion mailing list archives
Re: Please do not change your password
From: Allison Dolan <adolan () MIT EDU>
Date: Wed, 14 Apr 2010 10:49:32 -0400
RE: the auditors - If you are talking about internal auditors, in general, they do not make the rules - they check to make sure you are following the rules. So the question is, who made those rules? (and I suspect the answer, in many cases, would come back to the IT dept....)

Allison F. Dolan
Program Director, Protecting Personally Identifiable Information
Massachusetts Institute of Technology

On Apr 14, 2010, at 9:04 AM, Justin Sherenco wrote:
Hello,

I came across an interesting article on password changes. Author Cormac Herley of Microsoft makes a good case albeit just a cost-benefit analysis. I had to go back and think of why these types of policies were created in the first place. I came to my own conclusion that they were created before the days of complex password (passphrase) enforcement and the ability to automatically lock out accounts after X amount of failed log-in attempts. Do you think he can convince the auditors?

http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_not_change_your_password/?page=full

Regards,
Justin

-------------------------------------
Justin Sherenco
Security Analyst
734-487-8574
Eastern Michigan University
http://it.emich.edu/security