Educause Security Discussion mailing list archives

Re: Don't Display Last Username??

From: Jarrod Millman <millman () BERKELEY EDU>
Date: Thu, 11 Oct 2007 12:00:20 -0700

On 10/11/07, Gibson, Nathan J. (HSC) <Nathan-Gibson () ouhsc edu> wrote:

Every " security best practices" document I have read suggests enabling
this setting on the domain, however I need to justify it. I have a list that
has some good points but I wanted to see the justification other security
practitioners have for their organization.


I think the main reason is that to gain access to most computers
requires at least two things: 1) a login name and 2) a password.  If a
computer displays the last user's login, then one of the two pieces of
information needed to gain access is exposed.

--
Jarrod Millman
Computational Infrastructure for Research Labs
10 Giannini Hall, UC Berkeley
phone: 510.643.4014
http://cirl.berkeley.edu/

Current thread:

Don't Display Last Username?? Gibson, Nathan J. (HSC) (Oct 11)
- <Possible follow-ups>
- Re: Don't Display Last Username?? Rizzo, Jim (Oct 11)
- Re: Don't Display Last Username?? Jarrod Millman (Oct 11)
- Re: Don't Display Last Username?? Gregg, Christopher S. (Oct 11)
- Re: Don't Display Last Username?? Gary Dobbins (Oct 11)
- Re: Don't Display Last Username?? Cal Frye (Oct 11)
- Re: Don't Display Last Username?? Dennis Tracz (Oct 11)
- Re: Don't Display Last Username?? Eric Case (Oct 11)
- Re: Don't Display Last Username?? Matthew Keller (Oct 12)
- Re: Don't Display Last Username?? Abreu, Jose A (Oct 12)