Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password change *recommended* -- RESULTS?

From: "Jones, Dan J." <djjones () WPI EDU>
Date: Wed, 23 Apr 2014 20:32:05 -0500
In a way, the HeartBleed bug is a cause celebre for password expiry. Instead of incurring the risk of service 
disruptions around a forced password change, and assuming people never voluntarily change passwords, you can just allow 
the small risk of passwords being grabbed to diminish over the course of the next PW change interval.

___________________________
Dan Jones
Information Security Analyst
Worcester Polytechnic Institute

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Pedersen, Krystal
Sent: Wednesday, April 16, 2014 8:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password change *recommended* -- RESULTS?

Hello Everyone - I was looking to get an idea as to how successful a recommended password change broadcast is (to the 
entire school population)? Perhaps a percentage, such as -- last time we sent a broadcast out recommended a password 
change, with instructions on how to change your password, less than 1% of passwords were actually changed?

Thanks!

Krystal Pedersen, CISA
Information 
Technology<https://urldefense.proofpoint.com/v1/url?u=http://inside.umassmed.edu/is/index.aspx&k=7DHVT22D9IhC0F3WohFMBA%3D%3D%0A&r=yppbvsV1vRTy%2FrjhLIIxm488RCwdY6q%2B9kaVJLSs%2B%2F0%3D%0A&m=tSlwGq38fs4EHge7mAOj6gp%2B8x9jrgkGXw0D25qLnXg%3D%0A&s=d89d7539e7638db36313de9e693037eb5fe594f966c76650a952c02fe4c93c7e>
Information Security, Risk & Compliance Analyst
krystal.pedersen () umassmed edu<mailto:krystal.pedersen () umassmed edu>
Previous By Date Next
Previous By Thread Next

Current thread: