Educause Security Discussion mailing list archives
Re: Password Policies for today's knowledge worker
From: Mike Iglesias <iglesias () UCI EDU>
Date: Tue, 9 Feb 2016 18:43:21 -0800
On 02/09/2016 05:45 PM, Larry K. Emmons wrote:
Neal, In a similar discussion I was challenged with a question. "Why do I need to change my password?" I went through the typical responses about security and was then asked the same question again. I pondered my dilemma and was then enlightened with a response. I should only have to change my password if it has been compromised. If it hasn't been compromised, why change it? Chicken or egg?
We've had compromised IDS used several years after the student graduated (they get to keep their ID so they can get transcripts, etc). The only recent logins we could find were the people who had the compromised credentials so they've held on to them for some time. -- Mike Iglesias Email: iglesias () uci edu University of California, Irvine phone: 949-824-6926 Office of Information Technology FAX: 949-824-2270
Current thread:
- Password Policies for today's knowledge worker Fisch, Neal (Feb 09)
- Re: Password Policies for today's knowledge worker Larry K. Emmons (Feb 09)
- Re: Password Policies for today's knowledge worker David Lundy (Feb 09)
- Re: Password Policies for today's knowledge worker Julie Journitz (Feb 09)
- Re: Password Policies for today's knowledge worker Larry K. Emmons (Feb 10)
- Re: Password Policies for today's knowledge worker Matthew Trump (Feb 10)
- Re: Password Policies for today's knowledge worker Shalla, Kevin (Feb 10)
- Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 10)
- Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 10)
- Re: Password Policies for today's knowledge worker David Lundy (Feb 09)
- Re: Password Policies for today's knowledge worker Larry K. Emmons (Feb 09)
- Re: Password Policies for today's knowledge worker Thomas Carter (Feb 10)
- Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 09)
- <Possible follow-ups>
- Re: Password Policies for today's knowledge worker Brad Judy (Feb 10)