Educause Security Discussion mailing list archives
Re: Password Security
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Tue, 23 Oct 2007 13:13:19 -0400
Simplest argument? If an employee has identity/assets/benefits stolen as a result of theft of one of these cards, there is no shortage of experts who could testify -- in a negligence lawsuit against the university -- that it is known bad practice to write sensitive passwords where they can be found. That could mean increased damages against the university from any aggrieved employee. Oh, and now that this threat is online, any aggrieved employees (or their attorneys) will be able to find it to help identify said experts and show that the university had prior notice. So, as with any standard risk management, it is up to university authorities to decide if it is worth the risk of losing a messy, expensive lawsuit that might be enabled by their policy. :-)