Educause Security Discussion mailing list archives
Re: Password policy
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Thu, 2 Nov 2006 10:51:45 -0500
For those of you who provide a "universal account and password" that allows people to access multiple systems: 1) Do you allow the universal account to be used both with sensitive and non-sensitive applications?
Currently, no. Student access to class selection/scheduling, mark viewing, is via a separate username/password system from the institutional authN. Employee access to SIS/ERP is via two factor (SecurID).
2) Do you enforce separate password policies on the universal accounts whose holders can access sensitive systems? If so, through what mechanism?
N/A - see above. Now 'universal account and password' is a relatively new service and because it's convenient for users, there is pressure to add access to sensitive apps. Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto
Current thread:
- Re: Password policy, (continued)
- Re: Password policy Crawford, Tim M. (Nov 01)
- Re: Password policy Bob Kehr (Nov 01)
- Re: Password policy Harold Winshel (Nov 01)
- Re: Password policy Jim Dillon (Nov 01)
- Re: Password policy Geoff Nathan (Nov 01)
- Re: Password policy Jeff Kell (Nov 01)
- Re: Password policy Harold Winshel (Nov 01)
- Re: Password policy Mike Wiseman (Nov 02)
- Re: Password policy Gary Flynn (Nov 02)
- Re: Password policy Penn, Blake (Nov 02)
- Re: Password policy Mike Wiseman (Nov 02)
- Re: Password policy Mclaughlin, Kevin L (mclaugkl) (Nov 02)
- Re: Password policy Mclaughlin, Kevin L (mclaugkl) (Nov 02)