Educause Security Discussion mailing list archives

Re: Password policy


From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 1 Nov 2006 14:17:02 -0500

Kellogg, Brian D. wrote:

A couple questions:



   1. Do most enforce password expirations?  I came from a large
      corporation and they enforced a 90-day password expiration
      policy.  It seemed to have the effect of making passwords less
      secure as most would write them down in obvious places.

We've had a password expiration policy for as long as I can remember.
We went from a 190-day cycle to a 90-day cycle a few months ago to
align our policies with state guidelines.

   2. Do most enforce a strong password policy?

We enforce password complexity rules, history, and a
rudimentary dictionary check.

   3. Any other recommendations/insights along this line would be helpful.

I agree with others that writing a password down in a secure
location is an acceptable solution to password proliferation,
change, and complexity.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
