Educause Security Discussion mailing list archives

Re: Current Best Practice regarding Password Change policy

From: Jason Testart <jatestart () UWATERLOO CA>
Date: Fri, 24 Sep 2010 10:33:07 -0400

  On 9/24/2010 8:52 AM, Valdis Kletnieks wrote:

(Anybody want to publicly admit they were able to sell the auditors
on what Spaf said, and managed to eliminate mandatory changes?)

We are about to introduce mandatory password changes here, after arecent audit. The Spaf arguments didn't fly with our auditors, so thebest I could do is set a standard of a year by default, and 126 or sodays (one academic term) for more sensitive areas. That's what we'regoing to do.


The way I see it:

   Compliance 1, Security 0

Current thread:

Re: Current Best Practice regarding Password Change policy, (continued)
- - - Re: Current Best Practice regarding Password Change policy Koski, David (Sep 24)
    - Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
    - Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Dexter Caldwell (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Dexter Caldwell (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Joel Rosenblatt (Sep 24)
    - Re: Current Best Practice regarding Password Change policy John Ladwig (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Joel Rosenblatt (Sep 24)
  - Re: Current Best Practice regarding Password Change policy Jason Testart (Sep 24)
- Re: Current Best Practice regarding Password Change policy Jack Suess (Sep 24)
- Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
- Re: Current Best Practice regarding Password Change policy Joel Rosenblatt (Sep 24)
- Re: Current Best Practice regarding Password Change policy Scott O. Bradner (Sep 24)
- Re: Current Best Practice regarding Password Change policy John C. Gale (Sep 24)
  - Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Jack Reardon (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Conor McGrath (Sep 24)
    - Re: Current Best Practice regarding Password Change policy Doty, Timothy T. (Sep 24)
    - Re: Current Best Practice regarding Password Change policy charlie derr (Sep 24)

(Thread continues...)