Educause Security Discussion mailing list archives
Re: Password policy
From: Harold Winshel <winshel () CAMDEN RUTGERS EDU>
Date: Wed, 1 Nov 2006 21:59:42 -0500
A growing number of our users have laptop pc's. Our concern is protecting the data when the thief has physical posession of the computer. At 09:30 PM 11/1/2006, Jeff Kell wrote:
Geoff Nathan wrote: > > But seriously, who's going to try to break into Professor Snerdwell's > e-mail account with a dictionary attack? And unless we're worried > about month-long sustained attacks, frequent password changes are just > annoying without buying additional security. Making people change > their passwords every ninety days doesn't teach good computer hygiene, > it annoys them and confirms their impression that the IT people have > nothing better to do. Hear, hear! Hackers don't crack passwords anymore, they simply present a socially-engineered URL for the already-authenticated user to click on for a drive-by install of the backdoor/keylogger of his choice. Jeff
Harold Winshel Computing and Instructional Technologies Faculty of Arts & Sciences Rutgers University, Camden Campus 311 N. 5th Street, Room B10 Armitage Hall Camden NJ 08102 (856) 225-6669 (O)
Current thread:
- Re: Password policy, (continued)
- Re: Password policy Kevin Shalla (Nov 01)
- Re: Password policy Daniel R Jones (Nov 01)
- Re: Password policy Jim Dillon (Nov 01)
- Re: Password policy Jim Dillon (Nov 01)
- Re: Password policy Crawford, Tim M. (Nov 01)
- Re: Password policy Bob Kehr (Nov 01)
- Re: Password policy Harold Winshel (Nov 01)
- Re: Password policy Jim Dillon (Nov 01)
- Re: Password policy Geoff Nathan (Nov 01)
- Re: Password policy Jeff Kell (Nov 01)
- Re: Password policy Harold Winshel (Nov 01)
- Re: Password policy Mike Wiseman (Nov 02)
- Re: Password policy Gary Flynn (Nov 02)
- Re: Password policy Penn, Blake (Nov 02)
- Re: Password policy Mike Wiseman (Nov 02)
- Re: Password policy Mclaughlin, Kevin L (mclaugkl) (Nov 02)
- Re: Password policy Mclaughlin, Kevin L (mclaugkl) (Nov 02)