Educause Security Discussion mailing list archives
Re: Password expiration - was Re: [SECURITY] Security Awareness Programs
From: Rich Graves <rgraves () CARLETON EDU>
Date: Thu, 3 Apr 2014 12:42:20 -0500
Ideally, what I'd like is technology clearly showing users how and where passwords have been used, a policy mandating that they review that information periodically, and multi-factor authentication where it makes sense. It would be nice to add some security awareness training at the same time. After reviewing their login history and awareness materials, perhaps the user will decide that their password should be changed, but I wouldn't force them to. "1.5 factor" persistent browser cookies and device-specific credentials (perhaps being standardized as UMA, but it has been and remains a long road) are adequate against current phishing, exposure, and disclosure threats.

--
Rich Graves
http://claimid.com/rcgraves
Carleton.edu Sr UNIX and Security Admin