Educause Security Discussion mailing list archives
Re: Password expiration - was Re: [SECURITY] Security Awareness Programs
From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Thu, 3 Apr 2014 14:53:09 +0000
I think extending password expiration times to 180-360 days or eliminating them entirely would help motivate people to accept multi-factor authentication.
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Von Welch Sent: Thursday, April 03, 2014 10:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password expiration - was Re: [SECURITY] Security Awareness ProgramsThat being said, I'm pinning my hopes on multi-factor authentication.Every multi-factor I've seen in wide use today is password plus something. Do password policies go away if there is a additional factor? Von On Apr 3, 2014, at 8:50 AM, Roger A Safian <r-safian () NORTHWESTERN EDU> wrote:Ultimately, I'm not finding the benefit strong enough to move me from my core belief that it's not worth the usability trade-off and we should instead be focusing energy getting users to use password managers. But I admit that's subjective.I'm not sure that password managers will take off. The whole passwordsystem is little more than an annoyance to most users, and until that changes, we're just expending a lot of energy, mostly needlessly. That
being
said, I'm pinning my hopes on multi-factor authentication. Maybe one of
us
will get lucky.
Attachment:
smime.p7s
Description:
Current thread:
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Shane Williams (Apr 02)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 02)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Flynn, Gary - flynngn (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Mike Cunningham (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Carlos Lobato (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Chris Green (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Rich Graves (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 02)
- <Possible follow-ups>
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Shane Williams (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Joe St Sauver (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 03)