Educause Security Discussion mailing list archives
Please do not change your password
From: Justin Sherenco <jsherenco () EMICH EDU>
Date: Wed, 14 Apr 2010 09:04:17 -0400
Hello,

I came across an interesting article on password changes. Author Cormac Herley of Microsoft makes a good case, albeit just a cost-benefit analysis. I had to go back and think of why these types of policies were created in the first place. I came to my own conclusion that they were created before the days of complex password (passphrase) enforcement and the ability to automatically lock out accounts after X amount of failed log-in attempts. Do you think he can convince the auditors?

http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_not_change_your_password/?page=full

Regards,
Justin

-------------------------------------
Justin Sherenco
Security Analyst
734-487-8574
Eastern Michigan University
http://it.emich.edu/security