Educause Security Discussion mailing list archives
Re: Security Awareness Programs
From: Shane Williams <shanew () ISCHOOL UTEXAS EDU>
Date: Wed, 2 Apr 2014 16:23:18 -0500
I've recently had this discussion with our faculty, and this was the point I kept making, all the while referring to the "mass password exposure" of the week. Unfortunately, almost no articles or blogs from before 2012 make any mention of this threat, much less academic papers (where faculty place more trust). Admittedly, the incidence of mass exposures pre-2012 wasn't what it is today, but I'm surprised that even now very few "experts" talk about this particular risk. On Wed, 2 Apr 2014, Roger A Safian wrote:
--_000_2C17E27E26DEE641AEECF7583B3CAB1A25987D2Bevcspmbx1adsnor_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I believe one of the benefits of changing the password is that it's not unc= ommon for web services to use an email address as a user name. If a user u= ses our address, and their associated password, and later that web service = gets compromised, there is a decent chance when the hashes are dumped that = they will have had to change our password and will no longer sync them.
-- Shane Williams Senior Information Technology Manager School of Information, University of Texas at Austin shanew () ischool utexas edu - 512-471-9471
Current thread:
- Re: Security Awareness Programs, (continued)
- Re: Security Awareness Programs Mike Osterman (Apr 02)
- Re: Security Awareness Programs Flynn, Gary - flynngn (Apr 02)
- Re: Security Awareness Programs Cal Frye (Apr 02)
- Re: Security Awareness Programs Flynn, Gary - flynngn (Apr 02)
- Re: Security Awareness Programs Flynn, Gary - flynngn (Apr 02)
- Re: Security Awareness Programs Mike Cunningham (Apr 02)
- Re: Security Awareness Programs Hall, Rand (Apr 03)
- Re: Security Awareness Programs Mike Cunningham (Apr 03)
- Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 02)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Ruth Ginzberg (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Isabelle Grey (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Von Welch (Apr 03)
- Re: Password expiration - was Re: [SECURITY] Security Awareness Programs Roger A Safian (Apr 03)