Educause Security Discussion mailing list archives
Re: Please do not change your password
From: Morrow Long <morrow.long () YALE EDU>
Date: Wed, 14 Apr 2010 09:13:01 -0400
Justin -- I heard about Cormac Herley's study on NPR last night: Study: Computer Security Measures Not All Worth It http://www.npr.org/templates/story/story.php?storyId=125914112 Morrow On Apr 14, 2010, at 9:04 AM, Justin Sherenco wrote:
Hello, I came across an interesting article on password changes. Author Cormac Herley of Microsoft makes a good case albeit just a cost- benefit analysis. I had to go back and think of why these types of policies were created in the first place. I came to my own conclusion that they were created before the days of complex password (passphrase) enforcement and the ability to automatically lock out accounts after X amount of failed log-in attempts. Do you think he can convince the auditors? http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_not_change_your_password/?page=full Regards, Justin ------------------------------------- Justin Sherenco Security Analyst 734-487-8574 Easten Michigan University http://it.emich.edu/security
Current thread:
- Please do not change your password Justin Sherenco (Apr 14)
- <Possible follow-ups>
- Re: Please do not change your password Morrow Long (Apr 14)
- Re: Please do not change your password John Ladwig (Apr 14)
- Re: Please do not change your password Paul Kendall (Apr 14)
- Re: Please do not change your password Sarazen, Daniel (Apr 14)
- Re: Please do not change your password Jones, Dan (Apr 14)
- Re: Please do not change your password SCHALIP, MICHAEL (Apr 14)
- Re: Please do not change your password Doty, Timothy T. (Apr 14)
- Re: Please do not change your password David LaPorte (Apr 14)
- Re: Please do not change your password SCHALIP, MICHAEL (Apr 14)
- Re: Please do not change your password Doty, Timothy T. (Apr 14)
- Re: Please do not change your password Mike Porter (Apr 14)
(Thread continues...)