Educause Security Discussion mailing list archives
Re: Password Complexity and Aging
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 10 Apr 2009 15:54:29 -0400
On Fri, 10 Apr 2009 13:51:17 CDT, Roger Safian said:
This is basically, IMHO, a religious debate. There's no right or wrong answer. Password aging has its uses. Password length and complexity have their uses as well. The problem becomes balancing the security needs of your organization against the threats you face.
I have *no* problems with an organization saying "We've thought about it, and password aging solves real and actual *current* problem XYZ for us" (for example, if you're using that as a proxy for disabling unused accounts - which *is* a good thing). It's all the sites that are implementing password aging to solve last century's issues without thinking about the *current* issues. And yes, for many sites, "We'll never be able to sell it to the auditors" is probably reason enough - if so, at least *try* to educate said auditors. Far too much security these days is totally cargo-cult.
Attachment:
_bin
Description:
Current thread:
- Password Complexity and Aging Matthew Giannetto (Apr 09)
- <Possible follow-ups>
- Re: Password Complexity and Aging Tupker, Mike (Apr 09)
- Re: Password Complexity and Aging Eric Case (Apr 09)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 10)
- Re: Password Complexity and Aging Stanclift, Michael (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging King, Ronald A. (Apr 10)
- Re: Password Complexity and Aging Roger Safian (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging Geoff Nathan (Apr 11)
- Re: Password Complexity and Aging Stephen John Smoogen (Apr 11)
- Re: Password Complexity and Aging Tom Siu (Apr 12)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 13)
- Re: Password Complexity and Aging Barros, Jacob (Apr 13)
- Re: Password Complexity and Aging Gary Dobbins (Apr 13)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Allison Dolan (Apr 13)
- Re: Password Complexity and Aging Morrow Long (Apr 13)
(Thread continues...)