Educause Security Discussion mailing list archives
Re: Password Complexity and Aging
From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Mon, 13 Apr 2009 08:54:04 -0400
I agree with Roger. Password aging doesn't seem to work for us. If I were to reinstate a mandatory password change every 90 days, 3M's stock price would spike from the increase of Post-It note usage. Hopefully they would remember to hide it under their keyboard. Jacob Barros Network Administrator Grace College -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger Safian Sent: Friday, April 10, 2009 2:51 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Complexity and Aging At 12:02 PM 4/10/2009, Valdis Kletnieks put fingers to keyboard and wrote:
On Thu, 09 Apr 2009 12:49:12 EDT, Matthew Giannetto said:-Change every 120 daysI'll be a heretic and remind everybody to read Gene Spafford's very
cogent
comments regarding old threat models, and new threat models, and what
attacks
we *actually* see, and what password changes actually (don't) do to
mitigate... This is basically, IMHO, a religious debate. There's no right or wrong answer. Password aging has its uses. Password length and complexity have their uses as well. The problem becomes balancing the security needs of your organization against the threats you face. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 467-6437 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: Password Complexity and Aging, (continued)
- Re: Password Complexity and Aging Stanclift, Michael (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging King, Ronald A. (Apr 10)
- Re: Password Complexity and Aging Roger Safian (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging Geoff Nathan (Apr 11)
- Re: Password Complexity and Aging Stephen John Smoogen (Apr 11)
- Re: Password Complexity and Aging Tom Siu (Apr 12)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 13)
- Re: Password Complexity and Aging Barros, Jacob (Apr 13)
- Re: Password Complexity and Aging Gary Dobbins (Apr 13)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Allison Dolan (Apr 13)
- Re: Password Complexity and Aging Morrow Long (Apr 13)
- Re: Password Complexity and Aging Schumacher, Adam J (Apr 13)
- Re: Password Complexity and Aging Dexter Caldwell (Apr 13)
- Re: Password Complexity and Aging Basgen, Brian (Apr 13)
- Re: Password Complexity and Aging Gary Dobbins (Apr 13)
- Re: Password Complexity and Aging Doty, Timothy T. (Apr 13)
- Re: Password Complexity and Aging Karl Heins (Apr 13)
(Thread continues...)