Re: Password Policies for today's knowledge worker

[Mike Iglesias <iglesias () UCI EDU>]

On 02/09/2016 05:45 PM, Larry K. Emmons wrote:
> Neal,
>
> In a similar discussion I was challenged with a question. "Why do I need to
> change my password?"  I went through the typical responses about security and
> was then asked the same question again.  I pondered my dilemma and was then
> enlightened with a response.  I should only have to change my password if it
> has been compromised.  If it hasn't been compromised, why change it?
>
> Chicken or egg?

We've had compromised IDS used several years after the student graduated (they
get to keep their ID so they can get transcripts, etc).  The only recent logins
we could find were the people who had the compromised credentials so they've
held on to them for some time.


-- 
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270