Educause Security Discussion mailing list archives

Re: Password Cracking & Consequences

From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Thu, 26 Aug 2004 16:00:57 -0500

If you don't crack them regularly, you might consider it as long as
you're going to do something with the data.  You'll be surprised at how
poor they are if you aren't doing any complexity enforcement.  We've
been cracking monthly for 14 months now followed by a targeted email
urging them to change it and education about selecting a strong
password.  

We have a complexity requirement and an improved self-service module
about to kick in sometime next two weeks.

Bryan Lucas
Lead Server Administrator
Texas Christian University
(817) 257-6971


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sweeny, Jonny
Sent: Thursday, August 26, 2004 3:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Cracking & Consequences


Do IT departments commonly try to crack their users' passwords?

That's surprising/scary news to me...

~Jonny

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Brooks
Sent: Thursday, August 26, 2004 3:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Cracking & Consequences

We are looking for any advice on the consequences other institutions
impose on faculty and staff when their password is cracked by IT.  For
instance, is it a zero-tolerance system where your password is
automatically reset and you must show up at the Helpdesk to have it
reset?  Or, is it a graduated series of consequences, a la "Three
Strikes and You're Out,"  e.g., disciplinary action, network
restrictions, etc.  Any other configurations?

Anything anyone could provide would be helpful.  Trying not to reinvent
the wheel!

Jason Brooks

Jason Brooks
Information Security Technician
Longwood University
201 High Street
Farmville, VA 23909
(434) 395-2034
mailto:brooksje () longwood edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Password Cracking & Consequences Jason Brooks (Aug 26)
- <Possible follow-ups>
- Re: Password Cracking & Consequences Sweeny, Jonny (Aug 26)
- Re: Password Cracking & Consequences CAROLE CARMODY (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences James Riden (Aug 26)
- Re: Password Cracking & Consequences Melissa Guenther (Aug 26)
- Re: Password Cracking & Consequences Scott Weeks (Aug 26)
- Re: Password Cracking & Consequences Alan Amesbury (Aug 26)
- Re: Password Cracking & Consequences Jason Richardson (Aug 26)
- Re: Password Cracking & Consequences Jeff Giacobbe (Aug 26)
- Re: Password Cracking & Consequences Geoff Nathan (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Stephen Bernard (Aug 26)

(Thread continues...)