Security Basics mailing list archives

RE: Password changes more than once per day


From: "Josh Mills" <JMills () cnbwaco com>
Date: Tue, 10 Feb 2004 18:15:59 -0600

I have users who have done this, and they must have been dedicated, because my password history is 24, so it took them a few minutes.

        -----Original Message----- 
        From: Gene LeDuc [mailto:Gene.LeDuc () tns-md com] 
        Sent: Tue 2/10/2004 6:07 PM 
        To: 'Bob Kelley' 
        Cc: security-basics () securityfocus com 
        Subject: RE: Password changes more than once per day
        
        

        The main reason that I can see is to prevent people from defeating a rule
        such as "you can't use any of your last 12 passwords".  If there's no
        minimum password life then I could change my password 12 times in a few
        minutes and then make the final change back to my original.  I have users
        who would do this.
        
        -----Original Message-----
        From: Bob Kelley [mailto:bob_kelley_jr () yahoo com]
        Sent: Tuesday, February 10, 2004 1:32 PM
        To: security-basics () securityfocus com
        Subject: Password changes more than once per day
        
        
        
        
        Can someone please explain the security implications of allowing a user to
        change their password more than one time per day without involving an
        account administrator? What's the risk?
        
        
        
        I specified the security requirement of not allowing a user to change their
        password more than once per day for an outsourcing project and I am being
        asked why. I could not remember my reasoning other than it's a requirement
        for Microsoft security policies to ensure password history is enforced.
        
        
        
        Thanks!
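
The interaction between password history and minimum password age that the replies in this thread describe, modelled as an added example (not part of the original messages). The `Account` class and `cycle_back` function are hypothetical names, and the history semantics are an assumption: the last N passwords, including the current one, are remembered.

```python
from collections import deque
from datetime import datetime, timedelta


class Account:
    """Toy model of password history plus minimum password age.

    Passwords are kept as plain strings only to keep the model short;
    a real system compares candidates against stored hashes.
    """

    def __init__(self, password, history_size, min_age, now):
        # History holds the last `history_size` passwords, current one included.
        self.history = deque([password], maxlen=history_size)
        self.min_age = min_age
        self.last_change = now - min_age  # the first change is allowed at once

    def change(self, new_password, now):
        if now - self.last_change < self.min_age:
            return "rejected: minimum password age"
        if new_password in self.history:
            return "rejected: password history"
        self.history.append(new_password)
        self.last_change = now
        return "ok"


def cycle_back(history_size, min_age):
    """Rotate through throwaway passwords, then return to the original.

    Returns (changes_made, elapsed): how long the policy forces a user to
    wait before the original password can be reused.
    """
    start = now = datetime(2004, 2, 10, 18, 0)  # constructed timestamp
    acct = Account("original", history_size, min_age, now)
    targets = [f"throwaway-{i}" for i in range(history_size)] + ["original"]
    for pw in targets:
        # Wait out the minimum age (no wait at all when min_age is zero).
        now = max(now, acct.last_change + acct.min_age)
        result = acct.change(pw, now)
        assert result == "ok", result
    return len(targets), now - start


if __name__ == "__main__":
    for size, age in [(12, timedelta(0)), (12, timedelta(days=1)),
                      (24, timedelta(days=1))]:
        changes, elapsed = cycle_back(size, age)
        print(f"history={size} min_age={age}: {changes} changes, {elapsed}")
```

With no minimum age the whole cycle completes at a single instant of model time; with a one-day minimum, returning to the original takes as many days as the history is deep.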
        
        
        

