Educause Security Discussion mailing list archives

Re: Current Best Practice regarding Password Change policy


From: Greg Washburn <gwashburn () MBC EDU>
Date: Fri, 24 Sep 2010 08:47:12 -0400

    SECURITY Index - 22 Sep 2010 to 23 Sep 2010 (#2010-201)

We have different requirements based on roles.  Students or ADJFaculty would
be different than IT staff, for example.  For us this was easily accomplished
with fine-grained password settings based on group membership in AD.

For us, we felt it was clear that some groups would have no need to follow
the same stringent password requirements as other groups.

Greg Washburn

CISSP, CCNA, MCSE

Sr. Network/System Admin

540.887.7352

Mary Baldwin College

www.mbc.edu



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of* Barbara Deschapelles
*Sent:* Friday, September 24, 2010 8:28 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Current Best Practice regarding Password Change policy

We currently require all, Students, Faculty and Staff, to change passwords
every 90 days and we are enforcing unique passwords (no repeats). This is a
relatively new requirement here and we are getting a lot of push back on the
change.  I'd like to get a feel for what people accept as current best
practice for password change intervals and other related policies, and also,
if it is different than the best practice, what people are actually doing (if
you wish to share that :-)



Thanks for your help.  I'll be glad to summarize for the group if there is
interest in that.

Barb Deschapelles

Executive Director Information Technology

Clark State Community College

570 East Leffel Lane

PO Box 570

Springfield, OH 45501-0570

Phone: 937 328-6144



Think before you print - save a tree.
