Educause Security Discussion mailing list archives
Re: Current Best Practice regarding Password Change policy
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 24 Sep 2010 11:02:34 -0400
On Fri, 24 Sep 2010 09:09:25 CDT, "Doty, Timothy T." said:
Something I've always been curious about was the point of not allowing last X passwords to be re-used. Won't the user simply cycle through passwords (say, BadPassword1, BadPassword2, etc. or use a random password generator) until the one they want is out of the history?
Some systems enforce a *MINIMUM* number of days before a password can be changed, to prevent that. The well-designed ones allow that minimum to be overridden in case a password is compromised. And yes, I've seen some not-well-designed ones. :)
Attachment:
_bin
Description:
Current thread:
- Re: Current Best Practice regarding Password Change policy, (continued)
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
- Re: Current Best Practice regarding Password Change policy Conor McGrath (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy charlie derr (Sep 24)
- Re: Current Best Practice regarding Password Change policy randy marchany (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
- Re: Current Best Practice regarding Password Change policy Roger Safian (Sep 24)
- Re: Current Best Practice regarding Password Change policy Valdis Kletnieks (Sep 24)
- Re: Current Best Practice regarding Password Change policy Bob Bayn (Sep 24)
- Re: Current Best Practice regarding Password Change policy Harry E Flowers (flowers) (Sep 24)
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Message not available
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
- Re: Current Best Practice regarding Password Change policy James Farr '05 (Sep 24)