Educause Security Discussion mailing list archives
Re: Password expiration Process ?
From: "Franklin, Elliott" <franklin () TXSTATE EDU>
Date: Thu, 6 Apr 2006 09:38:02 -0500
I agree with Scott. We implemented password expiration in October of last year (90 days for faculty/staff and 180 for students) and are now being asked to review it again by the faculty. We send multiple reminder emails before disabling the account but as most have discovered, these emails are usually deleted without being read or caught by internal rules or spam filters. After searching the list archives as well as reading many other university policies, we are moving toward changing the expiration to once per year and begin working on two factor authentication for those with access to private data. Elliott Franklin, CISSP Information Security Analyst Texas State University-San Marcos http://www.vpit.txstate.edu/security 512.245.2501 -----Original Message----- From: Scott Bradner [mailto:sob () HARVARD EDU] Sent: Thursday, April 06, 2006 9:26 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password expiration Process ?
First, are any of you using a password expiration process in a student self-service environment?
specifically no reviewing the research (as was done in a discussion on this list a while back) we concluded that forcing pasword changes would, in net, reduce security rather than increase it for this type of situation (along with pissing off the students etc) it seems far better to do things like send email notices when some kinds of changes are made by the student (e.g. changing password or privacy settings) that might indicate a 3rd party accessing the account Scott
Current thread:
- Password expiration Process ? Theresa Semmens (Apr 06)
- <Possible follow-ups>
- Re: Password expiration Process ? Scott Bradner (Apr 06)
- Re: Password expiration Process ? Franklin, Elliott (Apr 06)
- Re: Password expiration Process ? Penn, Blake (Apr 06)
- Re: Password expiration Process ? David Lundy (Apr 06)
- Re: Password expiration Process ? Gary Flynn (Apr 06)
- Re: Password expiration Process ? Drews, Jane E (Apr 07)
- Re: Password expiration Process ? Kenneth G. Arnold (Apr 07)
- Re: Password expiration Process ? Cal Frye (Apr 07)
- Re: Password expiration Process ? Theresa Semmens (Apr 07)
- Re: Password expiration Process ? Theresa Semmens (Apr 07)