Educause Security Discussion mailing list archives
Re: Account Lockout Settings
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 27 Apr 2010 14:32:43 -0500
At 02:25 PM 4/27/2010, Rivers, Andrew E put fingers to keyboard and wrote:
As our users change their password, it never fails that at least one of these many devices will continue to authenticate with the old password and, as you guessed, lock out their account.
Our group advocates the use of lockouts that expire after some point of time. Lockouts that don't expire can just be used as a denial of service attack. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 467-6437 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Account Lockout Settings Rivers, Andrew E (Apr 27)
- <Possible follow-ups>
- Re: Account Lockout Settings Roger Safian (Apr 27)
- Re: Account Lockout Settings Russell Fulton (Apr 27)