Educause Security Discussion mailing list archives
Re: Current Best Practice regarding Password Change policy
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 24 Sep 2010 09:28:44 -0500
We have a similar system. We force password changes every 100 days, and you cannot use a recently used password. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barbara Deschapelles Sent: Friday, September 24, 2010 7:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Current Best Practice regarding Password Change policy We currently require all, Students, Faculty and Staff, to change passwords every 90 days and we are enforcing unique passwords (no repeats). This is a relatively new requirement here and we are getting a lot of push back on the change. I'd like to get a feel for what people accept as current best practice for password change intervals and other related policies, and also, if it is different than the best practice what people are actually doing (if you wish to share that :-) Thanks for your help. I'll be glad to summarize for the group if there is interest in that. Barb Deschapelles Executive Director Information Technology Clark State Community College 570 East Leffel Lane PO Box 570 Springfield, OH 45501-0570 Phone: 937 328-6144 Think before you print - save a tree.
Current thread:
- Re: Current Best Practice regarding Password Change policy, (continued)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy charlie derr (Sep 24)
- Re: Current Best Practice regarding Password Change policy randy marchany (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy Roger Safian (Sep 24)
- Re: Current Best Practice regarding Password Change policy Valdis Kletnieks (Sep 24)
- Re: Current Best Practice regarding Password Change policy Bob Bayn (Sep 24)
- Re: Current Best Practice regarding Password Change policy Harry E Flowers (flowers) (Sep 24)
- Message not available
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy James Farr '05 (Sep 24)