Security Basics mailing list archives

Re: Password changes more than once per day

From: Charlie Fraser <fraserc () mail montclair edu>
Date: Tue, 10 Feb 2004 19:06:48 -0500

Bob, IMHO even once a day is too often. Having this policy in place putsa natural check and balance to alert the security and IT staff thatthere may be a security problem. If a user needs to change theirpassword more than once a week something is going on. What is the user'srational to this request? Just curious.


Charlie


Bob Kelley wrote:

Can someone please explain the security implications of allowing a user to change their password more than one time per day 
without involving an account administrator? What's the risk ?

I specified the security requirement of not allowing a user to change their password more than once per day for an outsourcing project and I am being asked why. I could not remember my reasoning other than it's a requirement for microsoft security policies to ensure password history is enforced.



Thanks!

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------



--
Charlie Fraser
Systems Engineer MCSE, CCEA, A+
Montclair State University
973-655-7868
fraserc () mail montclair edu


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

Current thread:

Password changes more than once per day Bob Kelley (Feb 10)
- Re: Password changes more than once per day Charlie Fraser (Feb 10)
- Re: Password changes more than once per day bauchi (Feb 10)
- RE: Password changes more than once per day Joey Peloquin (Feb 10)
- <Possible follow-ups>
- RE: Password changes more than once per day Pamela Gott (Feb 10)
- RE: Password changes more than once per day Gene LeDuc (Feb 10)
- RE: Password changes more than once per day Josh Mills (Feb 11)
- Re: Password changes more than once per day bsec (Feb 11)
- RE: Password changes more than once per day Gene LeDuc (Feb 12)