Re: Password Management Policy & Standards

["Bradner, Scott" <sob () HARVARD EDU>]

you could care if the password is compromised if the password is used to enable or otherwise
control the 2nd factor

Scott

> On Feb 26, 2016, at 7:02 AM, Mark I. Berman <mberman () SIENA EDU> wrote:
>
> Joanna,
>
> So what you're saying is that the reason to expire passwords is to make the accountants happy rather than any 
> rational balancing of risk/reward? I think I probably agree with you. We just had a discussion here about whether we 
> need to worry about password expiration and complexity so much if we move to two factor authentication. One thing 
> that was brought up is that we might not even know if a password is compromised since the bad-guy still wouldn't be 
> able to get in, lacking the second factor. And do we care at that point that the password was compromised.  Two 
> factor auth certainly seems to throw a monkey wrench into the question of how important complex and frequently 
> changed passwords really are!
>
> - Mark
> --
> Mark Berman, Chief Information Officer
> Siena College
> 515 Loudon Road
> Loudonville, NY  12211
> (518)782-6957,  Fax: (518)783-2590