Educause Security Discussion mailing list archives
Re: Password change *recommended* -- RESULTS?
From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Wed, 16 Apr 2014 07:39:01 -0700
Good morning! Brady asked: #Except in the case of an incident were passwords may have be leaked or #otherwise compromised, in which case it seems it would be a required #change and just not recommended, I'm curious to the thoughts of those #here on why you would enforce periodic password changes on users. I outlined a few reasons in an NWACC talk on passwords that you can find at http://pages.uoregon.edu/joe/passwords/passwords.pdf (section 4 talks about the password change issue) That said, the fundamental problem is that at this stage of the game, plain old passwords just aren't good enough anymore -- yet we still don't see ubiquitous deployment of multifactor on most campuses. Why? I attempted to discuss some of the reasons that people may have *historically* had, and why they may no longer be applicable, in a talk I did last week in Denver at the Internet2 Global Summit; see http://pages.uoregon.edu/joe/global-summit-mfa/global-summit-mfa.pdf If you all are not doing multifactor, did I catch the reason(s) why in thos slides? If I missed a fundamental reason, I'd love to hear about/understand it better. Do we all just secretly love passwords for some sort of weird cultural reasons? :-; Regards, Joe
Current thread:
- Re: Password change *recommended* -- RESULTS?, (continued)
- Re: Password change *recommended* -- RESULTS? Ben Marsden (Apr 23)
- Re: Password change *recommended* -- RESULTS? Mitchell Pautz (Apr 23)
- Re: Password change *recommended* -- RESULTS? Bob Bayn (Apr 23)
- Re: Password change *recommended* -- RESULTS? Bob Bayn (Apr 23)
- Re: Password change *recommended* -- RESULTS? Jones, Dan J. (Apr 23)
- Re: Password change *recommended* -- RESULTS? Roger A Safian (Apr 23)
- Re: Password change *recommended* -- RESULTS? Roger A Safian (Apr 23)
- Re: Password change *recommended* -- RESULTS? Roger A Safian (Apr 23)
- Re: Password change *recommended* -- RESULTS? Thomas Carter (Apr 23)
- Re: Password change *recommended* -- RESULTS? Jones, Dan J. (Apr 23)
- Re: Password change *recommended* -- RESULTS? Joe St Sauver (Apr 16)
- Re: Password change *recommended* -- RESULTS? McClenon, Brady (Apr 16)
- Re: Password change *recommended* -- RESULTS? David Walker (Apr 16)
- Re: Password change *recommended* -- RESULTS? Robert Meyers (Apr 17)
- Re: Password change *recommended* -- RESULTS? Roger A Safian (Apr 17)
- Re: Password change *recommended* -- RESULTS? Joel L. Rosenblatt (Apr 17)
- Re: Password change *recommended* -- RESULTS? Williams, Charles (Apr 17)
- Re: Password change *recommended* -- RESULTS? Roger A Safian (Apr 17)
- Re: Password change *recommended* -- RESULTS? McClenon, Brady (Apr 16)
- Re: Password change *recommended* -- RESULTS? Brad Judy (Apr 18)
- Re: Password change *recommended* -- RESULTS? David Walker (Apr 23)