Educause Security Discussion mailing list archives
Re: Current Best Practice regarding Password Change policy
From: Greg Washburn <gwashburn () MBC EDU>
Date: Fri, 24 Sep 2010 08:47:12 -0400
SECURITY Index - 22 Sep 2010 to 23 Sep 2010 (#2010-201) We have different requirements based on roles. Students or ADJFaculty would be different than IT staff for example. For us this was easily accomplished with fine grained password settings based on group membership in AD. For us, we felt it was clear that some groups would have no need to follow the same stringent password requirements as other groups. Greg Washburn CISSP, CCNA, MCSE Sr. Network/System Admin 540.887.7352 Mary Baldwin College www.mbc.edu *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Barbara Deschapelles *Sent:* Friday, September 24, 2010 8:28 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Current Best Practice regarding Password Change policy We currently require all, Students, Faculty and Staff, to change passwords every 90 days and we are enforcing unique passwords (no repeats). This is a relatively new requirement here and we are getting a lot of push back on the change. I'd like to get a feel for what people accept as current best practice for password change intervals and other related policies, and also, if it is different than the best practice what people are actually doing (if you wish to share that :-) Thanks for your help. I'll be glad to summarize for the group if there is interest in that. Barb Deschapelles Executive Director Information Technology Clark State Community College 570 East Leffel Lane PO Box 570 Springfield, OH 45501-0570 Phone: 937 328-6144 Think before you print - save a tree.
Current thread:
- Current Best Practice regarding Password Change policy Barbara Deschapelles (Sep 24)
- Re: Current Best Practice regarding Password Change policy Greg Washburn (Sep 24)
- Re: Current Best Practice regarding Password Change policy Valdis Kletnieks (Sep 24)
- Re: Current Best Practice regarding Password Change policy Scott O. Bradner (Sep 24)
- Re: Current Best Practice regarding Password Change policy Roger Safian (Sep 24)
- Re: Current Best Practice regarding Password Change policy Dave Koontz (Sep 24)
- Re: Current Best Practice regarding Password Change policy Koski, David (Sep 24)
- Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
- Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
- Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
- Re: Current Best Practice regarding Password Change policy Dexter Caldwell (Sep 24)
- Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)