Educause Security Discussion mailing list archives

Re: Password Complexity and Aging


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 10 Apr 2009 13:51:17 -0500

At 12:02 PM 4/10/2009, Valdis Kletnieks put fingers to keyboard and wrote:
> On Thu, 09 Apr 2009 12:49:12 EDT, Matthew Giannetto said:
>
>> -Change every 120 days
>
> I'll be a heretic and remind everybody to read Gene Spafford's very cogent
> comments regarding old threat models, and new threat models, and what attacks
> we *actually* see, and what password changes actually (don't) do to mitigate...

This is basically, IMHO, a religious debate.  There's no right or wrong answer.
Password aging has its uses.  Password length and complexity have their uses
as well.  The problem becomes balancing the security needs of your organization
against the threats you face.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 467-6437   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
