Educause Security Discussion mailing list archives

Re: Security Awareness Programs

From: Shane Williams <shanew () ISCHOOL UTEXAS EDU>
Date: Wed, 2 Apr 2014 16:23:18 -0500

I've recently had this discussion with our faculty, and this was the
point I kept making, all the while referring to the "mass password
exposure" of the week.  Unfortunately, almost no articles or blogs
from before 2012 make any mention of this threat, much less academic
papers (where faculty place more trust).  Admittedly, the incidence of
mass exposures pre-2012 wasn't what it is today, but I'm surprised
that even now very few "experts" talk about this particular risk.


On Wed, 2 Apr 2014, Roger A Safian wrote:

--_000_2C17E27E26DEE641AEECF7583B3CAB1A25987D2Bevcspmbx1adsnor_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I believe one of the benefits of changing the password is that it's not unc=
ommon for web services to use an email address as a user name.  If a user u=
ses our address, and their associated password, and later that web service =
gets compromised, there is a decent chance when the hashes are dumped that =
they will have had to change our password and will no longer sync them.


--
Shane Williams
Senior Information Technology Manager
School of Information, University of Texas at Austin
shanew () ischool utexas edu - 512-471-9471

Current thread:

Re: Security Awareness Programs, (continued)
- - - Re: Security Awareness Programs Mike Osterman (Apr 02)
    - Re: Security Awareness Programs Flynn, Gary - flynngn (Apr 02)
    - Re: Security Awareness Programs Cal Frye (Apr 02)
    - Re: Security Awareness Programs Flynn, Gary - flynngn (Apr 02)
    - Re: Security Awareness Programs Flynn, Gary - flynngn (Apr 02)
    - Re: Security Awareness Programs Mike Cunningham (Apr 02)
    - Re: Security Awareness Programs Hall, Rand (Apr 03)
    - Re: Security Awareness Programs Mike Cunningham (Apr 03)
- Re: Security Awareness Programs Joel L. Rosenblatt (Apr 02)
- Re: Security Awareness Programs Ben Woelk (Apr 02)
- Re: Security Awareness Programs Shane Williams (Apr 02)
  - Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 02)
    - Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
    - Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Ruth Ginzberg (Apr 03)
    - Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Isabelle Grey (Apr 03)
    - Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 03)
    - Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
  - Re: Security Awareness Programs Gene Spafford (Apr 02)