Educause Security Discussion mailing list archives
Re: Active Directory Password Strength
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Wed, 16 Nov 2005 10:58:14 +1300
Graham Toal wrote:
The *only* advantage that changing your password offers is in the case when someone did intercept your password but decided not to use it for a long time, perhaps to cover where they got it from. In most other situations, the outcome is the same regardless of whether they got your old password or your new password.
One thing I think is more important than frequent changes of password is to automatically disable accounts that have not been used for some extended period of time. There will need to be exceptions, but for the most part disabling accounts that have not been used for 3 months is a good idea. Don't delete anything at this stage, just disable the access. Again, there is going to be a cost of re-enabling accounts if they are needed again, but it gets rid of a lot of deadwood without much effort. If the account is disabled for a much longer period (a year, say) then it is flagged for manual intervention and someone gets to decide what should happen to the account and any resources that are associated with it.

Cheers, Russell
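
One way to implement the staged policy described in the message above for Active Directory, as an added example that is not part of the original post. The exemption group `Stale-Account-Exempt`, the `AUTO-DISABLED` marker kept in the `info` attribute, and the CSV path are assumptions made for illustration; `-WhatIf` keeps the disable step a dry run.

```powershell
# Added example: disable after ~3 months unused, flag for review after ~1 year disabled.
# Nothing is deleted at any stage.
Import-Module ActiveDirectory

$InactiveDays = 90                      # "not used for 3 months"
$ReviewDays   = 365                     # "a year, say"
$ExemptGroup  = 'Stale-Account-Exempt'  # hypothetical group holding the exceptions
$Marker       = 'AUTO-DISABLED'         # hypothetical tag written to the 'info' attribute
$Now          = Get-Date

# Accounts that must never be auto-disabled (service accounts, staff on leave, ...).
$exempt = @(Get-ADGroupMember -Identity $ExemptGroup -Recursive |
            Select-Object -ExpandProperty distinguishedName)

# Stage 1: enabled accounts with no recent logon -> disable and record the date.
# lastLogonTimestamp is replicated but can lag by up to 14 days by default,
# so the cutoff includes that margin. Accounts that have never logged on have
# no lastLogonTimestamp, are not matched here, and need a separate check.
$cutoff = $Now.AddDays(-($InactiveDays + 14)).ToFileTimeUtc()
Get-ADUser -Filter 'Enabled -eq $true -and lastLogonTimestamp -lt $cutoff' `
           -Properties lastLogonTimestamp |
    Where-Object { $exempt -notcontains $_.DistinguishedName } |
    ForEach-Object {
        Disable-ADAccount -Identity $_ -WhatIf
        Set-ADUser -Identity $_ -WhatIf `
                   -Replace @{ info = "$Marker $($Now.ToString('yyyy-MM-dd'))" }
    }

# Stage 2: accounts this job disabled more than a year ago -> report for a
# human decision about the account and the resources attached to it.
$reviewBefore = $Now.AddDays(-$ReviewDays)
Get-ADUser -Filter 'Enabled -eq $false' -Properties info |
    Where-Object {
        $_.info -match "^$Marker (\d{4}-\d{2}-\d{2})$" -and
        [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $null) -lt $reviewBefore
    } |
    Select-Object SamAccountName, DistinguishedName, info |
    Export-Csv -Path .\stale-accounts-for-review.csv -NoTypeInformation
```

Whoever re-enables an account should also clear the marker, otherwise a later run of stage 2 would misread how long the account has been disabled.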