Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Management Policy & Standards

From: "Mark I. Berman" <mberman () SIENA EDU>
Date: Fri, 26 Feb 2016 05:02:13 -0700
Joanna,

So what you're saying is that the reason to expire passwords is to make the accountants happy rather than any rational 
balancing of risk/reward? I think I probably agree with you. We just had a discussion here about whether we need to 
worry about password expiration and complexity so much if we move to two factor authentication. One thing that was 
brought up is that we might not even know if a password is compromised since the bad-guy still wouldn't be able to get 
in, lacking the second factor. And do we care at that point that the password was compromised.  Two factor auth 
certainly seems to throw a monkey wrench into the question of how important complex and frequently changed passwords 
really are!

 - Mark
--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Previous By Date Next
Previous By Thread Next

Current thread: