Educause Security Discussion mailing list archives

Re: Password Policies for today's knowledge worker

From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Wed, 10 Feb 2016 04:56:09 +0000

We made a similar concession in exchange for increasing the minimum length of passwords.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike 
Chapple
Sent: Tuesday, February 09, 2016 8:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Policies for today's knowledge worker

Neal,

We recently removed our password expiration requirement in conjunction with the rollout of two-factor authentication.  
The change had the double benefit of improving our overall security (with two-factor) and generating quite a bit of 
goodwill on campus.

Best regards,

Mike

Mike Chapple, Ph.D.
Senior Director for IT Service Delivery
Concurrent Assistant Professor, Computing & Digital Technologies
University of Notre Dame
236 IT Center  |  Notre Dame, IN 46556
P: 574-631-5863 <tel:574-631-5863>   |  M: 574-274-0151 <tel:574-274-0151> 
 <mailto:mchapple () nd edu> mchapple () nd edu
Twitter:  
<https://urldefense.proofpoint.com/v2/url?u=http-3A__twitter.com_mchapple&d=BQMFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Zpblz7C5LhM&m=OyhtYGLFK4wzvBh_TEaUu5QOSP1eR1KM7PSvL1xnlIc&s=wj0QTY0iigpkuYqrunXUL7ej64hPfTiO7ULz67KOe4A&e=>
 @mchapple 

On Tue, Feb 9, 2016 at 7:17 PM, Fisch, Neal <Neal.Fisch () csuci edu <mailto:Neal.Fisch () csuci edu> > wrote:

Good afternoon everyone,

In today’s world of knowledge workers having a multitude of devices used for accessing their work data, I would like 
know how strict you feel password policies should be to be able to accommodate this plethora of devices, accommodate a 
seamless password change process, and still be secure.  Items of particular interest are password/access controls 
specifically in regards to acceptable timeframes for password resets and number of failed login attempts.

Thanks all!

Neal

Neal Fisch

Director, Enterprise Services and Security        

Information Security Officer

Division of Technology & Communication

California State University Channel Islands

One University Drive, Camarillo CA 93012

Solano Hall – Room 2178

Email:   <mailto:neal.fisch () csuci edu> neal.fisch () csuci edu

Voice:  805-437-3278 <tel:805-437-3278>  | Mobile:  805-443-6529 <tel:805-443-6529>  | Fax:  805-437-3377 
<tel:805-437-3377>

Attachment: smime.p7s
Description:

Current thread:

Re: Password Policies for today's knowledge worker, (continued)
- - Re: Password Policies for today's knowledge worker David Lundy (Feb 09)
    - Re: Password Policies for today's knowledge worker Julie Journitz (Feb 09)
    - Re: Password Policies for today's knowledge worker Larry K. Emmons (Feb 10)
    - Re: Password Policies for today's knowledge worker Matthew Trump (Feb 10)
    - Re: Password Policies for today's knowledge worker Shalla, Kevin (Feb 10)
    - Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 10)
    - Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 10)
    - Re: Password Policies for today's knowledge worker Thomas Carter (Feb 10)
  - Re: Password Policies for today's knowledge worker Mike Iglesias (Feb 09)
- Re: Password Policies for today's knowledge worker Mike Chapple (Feb 09)
  - Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 09)
- Re: Password Policies for today's knowledge worker Von Welch (Feb 10)
- Re: Password Policies for today's knowledge worker Brad Judy (Feb 10)