Re: Current Best Practice regarding Password Change policy

[Roger Safian <r-safian () NORTHWESTERN EDU>]

We have a similar system.  We force password changes every 100 days, and you
cannot use a recently used password.  

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barbara Deschapelles
Sent: Friday, September 24, 2010 7:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Current Best Practice regarding Password Change policy

 



We currently require all, Students, Faculty and Staff, to change passwords
every 90 days and we are enforcing unique passwords (no repeats). This is a
relatively new requirement here and we are getting a lot of push back on the
change.  I'd like to get a feel for what people accept as current best
practice for password change intervals and other related policies, and also,
if it is different than the best practice what people are actually doing (if
you wish to share that :-)

 

Thanks for your help.  I'll be glad to summarize for the group if there is
interest in that.

 

 

 

 

Barb Deschapelles

Executive Director Information Technology

Clark State Community College

570 East Leffel Lane

PO Box 570

Springfield, OH 45501-0570

Phone: 937 328-6144

 

Think before you print - save a tree.