Educause Security Discussion mailing list archives

Re: Automatic timeout to locking screensaver

From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Thu, 4 Oct 2012 13:45:23 -0500

We recently instituted a Domain-wide 30 minute password-protected
screensaver lock for all systems. There was a lot of fight over it until we
actually did it. Few people have noticed. :) We plan on decreasing it in 5
minute increments over several months down to 15 minutes. PCI was our
overall justification as well.

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other confidential information via email.***
*
*



On Thu, Oct 4, 2012 at 11:59 AM, Louis APONTE <LouisAponte () weber edu> wrote:

 Weber State University

1. Yes, All users must have an auto-locking feature enabled, which
requires a password to unlock.
           We do not use the term screen saver, so that power options can
satisfy the requirement.
2. We require this on all faculty and staff workstations; exceptions are
computer labs, public library systems, e-kiosk etc .
3. We recommend activation after 10 min. of idle time, but the standard is
20 minutes or less.

We also recommend that you physically lock your office door (if you have a
door) should you leave your work area unattended, or manually lock your
system as you leave your work area.

louis


On 10/4/2012 at 10:05 AM, in message
<CA+d9XAPU22J7=umXcAcJKcXcg1uUNY34tevdjb=Kq2xKBZ1G3g () mail gmail com>,
David Curry <david.curry () NEWSCHOOL EDU> wrote:
   Greetings,

I'm trying to make the case for implementing a mandatory locking
screensaver on our office workstations/laptops (faculty and administrative
staff). It would be done in the usual way: after some period (15, 20, 30
minutes TBD) of idle time, the system would invoke the screen saver, and to
restore the screen and continue working, the user would have to enter his
or her password. Reaction has been mixed (as I expected), and the usual
question has come up: "well, what do other universities do?"

So....

   1. Do you implement a mandatory locking screen saver on your staff
   and/or faculty computers?
   2. If so, do you do so for all staff/faculty, or just certain groups
   (and what are those groups)?
   3. If so, how long is your timeout before the screensaver starts?

 Thanks,

--Dave


--

*DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY

*THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry () newschool edu

Current thread:

Automatic timeout to locking screensaver David Curry (Oct 04)
- Re: Automatic timeout to locking screensaver David Scott (Oct 04)
- Re: Automatic timeout to locking screensaver Clifford Collins (Oct 04)
- Re: Automatic timeout to locking screensaver Louis APONTE (Oct 04)
  - Re: Automatic timeout to locking screensaver Drew Perry (Oct 04)
- Re: Automatic timeout to locking screensaver Mark Borrie (Oct 04)
- <Possible follow-ups>
- Re: Automatic timeout to locking screensaver SCHALIP, MICHAEL (Oct 04)