Educause Security Discussion mailing list archives

Re: Password aging

From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 8 Jan 2004 13:56:25 -0500

Seruya, Stewart wrote:

I’m trying to get a sense on how many have a university-wide Password
policy.  Second, do any have a password aging rule?


Where we can enforce a password policy, we attempt to do so. Our mail
and web systems insist on length between 6 and 8 characters and not a
dictionary word. They expire quarterly. Other systems are more lax, to
varying degrees.

As we converge on "coordinated passwords" (sort of like single sign-on,
but achieved through synchronization rather than true SSO), the risk of
losing one's password becomes greater the more it's shared among
systems, so this is a timely discussion for us.

--
--Cal Frye, Network Administrator, Oberlin College
 www.ouuf.org, www.calfrye.com

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: Password aging, (continued)
- Re: Password aging Jane Drews (Jan 08)
- Re: Password aging Paul Younker (Jan 08)
- Re: Password aging Dick Jacobson (Jan 08)
- Re: Password aging Paul Russell (Jan 08)
- Re: Password aging Jenny Gluck (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)
- Re: Password aging Jenny Gluck (Jan 08)
- Re: Password aging Cal Frye (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)
- Re: Password aging Cal Frye (Jan 08)
- Re: Password aging Cal Frye (Jan 08)
- Re: Password aging Monday, Kathy (Jan 08)
- Re: Password aging Dan Updegrove (Jan 09)
- Re: Password aging Kevin Shalla (Jan 09)
- Re: Password aging Jere Retzer (Jan 09)
- Re: Password aging H. Morrow Long (Jan 09)
- Re: Password aging Peter Choi (Jan 09)
- Re: Password aging Eoghan Casey (Jan 10)
- Re: Password aging Jim Moore (Jan 13)
- Re: Password aging Steve Worona (Jan 13)

(Thread continues...)