Educause Security Discussion mailing list archives
Re: Don't Display Last Username??
From: Jarrod Millman <millman () BERKELEY EDU>
Date: Thu, 11 Oct 2007 12:00:20 -0700
On 10/11/07, Gibson, Nathan J. (HSC) <Nathan-Gibson () ouhsc edu> wrote:
Every " security best practices" document I have read suggests enabling this setting on the domain, however I need to justify it. I have a list that has some good points but I wanted to see the justification other security practitioners have for their organization.
I think the main reason is that to gain access to most computers requires at least two things: 1) a login name and 2) a password. If a computer displays the last user's login, then one of the two pieces of information needed to gain access is exposed. -- Jarrod Millman Computational Infrastructure for Research Labs 10 Giannini Hall, UC Berkeley phone: 510.643.4014 http://cirl.berkeley.edu/
Current thread:
- Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)