Educause Security Discussion mailing list archives

Re: Frequency of password change

From: "Penn, Blake" <pennb () UWW EDU>
Date: Mon, 22 Aug 2005 17:47:19 -0500

Dr. Spafford:

Brostoff's work touches on these issues, and with plenty of good data too!

http://www.cs.ucl.ac.uk/staff/S.Brostoff/index_files/sachas_transfer_report.
pdf

http://www.cs.ucl.ac.uk/staff/S.Brostoff/thesis/


__________________________________
Blake Penn, CISSP
Information Security Officer
University of Wisconsin-Whitewater
(p) 262-472-5513 (f) 262-472-1285
e-mail: pennb () uww edu


-----Original Message-----
From: Gene Spafford [mailto:spaf () CERIAS PURDUE EDU]
Sent: Monday, August 22, 2005 3:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Frequency of password change

I know this has been a topic here before, but I failed to archive the info.
Does anyone have references to any good studies that show that changing
passwords once a month (or every 8 weeks, etc) is too FREQUENT and leads to
more cases of people forgetting passwords, picking trivial passwords,
writing them down, etc.

Thanks,

Attachment: smime.p7s
Description:

Current thread:

Frequency of password change Gene Spafford (Aug 22)
- <Possible follow-ups>
- Re: Frequency of password change Brian Wheeler (Aug 22)
- Re: Frequency of password change Penn, Blake (Aug 22)
- Re: Frequency of password change Gene Spafford (Aug 22)
- Re: Frequency of password change Gary Flynn (Aug 23)
- Re: Frequency of password change Melissa Guenther (Aug 23)