Educause Security Discussion mailing list archives
Re: Password Complexity and Aging
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 10 Apr 2009 13:51:17 -0500
At 12:02 PM 4/10/2009, Valdis Kletnieks put fingers to keyboard and wrote:
On Thu, 09 Apr 2009 12:49:12 EDT, Matthew Giannetto said:-Change every 120 daysI'll be a heretic and remind everybody to read Gene Spafford's very cogent comments regarding old threat models, and new threat models, and what attacks we *actually* see, and what password changes actually (don't) do to mitigate...
This is basically, IMHO, a religious debate. There's no right or wrong answer. Password aging has its uses. Password length and complexity have their uses as well. The problem becomes balancing the security needs of your organization against the threats you face. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 467-6437 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Password Complexity and Aging Matthew Giannetto (Apr 09)
- <Possible follow-ups>
- Re: Password Complexity and Aging Tupker, Mike (Apr 09)
- Re: Password Complexity and Aging Eric Case (Apr 09)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 10)
- Re: Password Complexity and Aging Stanclift, Michael (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging King, Ronald A. (Apr 10)
- Re: Password Complexity and Aging Roger Safian (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging Geoff Nathan (Apr 11)
- Re: Password Complexity and Aging Stephen John Smoogen (Apr 11)
- Re: Password Complexity and Aging Tom Siu (Apr 12)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 13)
- Re: Password Complexity and Aging Barros, Jacob (Apr 13)
- Re: Password Complexity and Aging Gary Dobbins (Apr 13)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Allison Dolan (Apr 13)
(Thread continues...)