Educause Security Discussion mailing list archives

Re: Password Policies for today's knowledge worker


From: "Larry K. Emmons" <lkemmons () SVSU EDU>
Date: Wed, 10 Feb 2016 06:59:18 -0500

David,

 

I like the response.  I'm going to use it the next time I am with the
person who asked me the question - I'll let you know how it goes :)

 

Thanks,

Larry

 

Larry K. Emmons

Director of Technology and Support Services

 <http://www.svsu.edu/> www.svsu.edu

 <http://www.svsu.edu/its> www.svsu.edu/its 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julie Journitz
Sent: Tuesday, February 9, 2016 9:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Policies for today's knowledge worker

 

David,

 

That's a great response.

 

 

Julianne Journitz

Director of Client Services

Information Technology Services

Pomona College

156 East 7th Street

Claremont, California 91711

http://research.pomona.edu/itsecurity/

@pomonahelp


On Feb 9, 2016, at 6:00 PM, David Lundy <dlundy () PACIFIC EDU> wrote:

Larry:

      Because of uncertainty.  One does not necessarily know of a
compromise.  Consider that the Germans lost U-Boats in WWII because they
were unaware that Enigma had been compromised.

 

David Lundy

-----------------------------------

David Lundy

Assistant IT Security Officer

University of the Pacific

Stockton, CA 95211

Email: dlundy () pacific edu

Voice: 209-946-3951

Fax: 209-946-2898

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Larry K. Emmons
Sent: Tuesday, February 09, 2016 5:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU

Subject: Re: [SECURITY] Password Policies for today's knowledge worker

 

Neal,

 

In a similar discussion I was challenged with a question. "Why do I need
to change my password?"  I went through the typical responses about
security and was then asked the same question again.  I pondered my
dilemma and was then enlightened with a response.  I should only have to
change my password if it has been compromised.  If it hasn't been
compromised, why change it?

 

Chicken or egg?

Thanks,
Larry

Director of Technology and Support Services
Saginaw Valley State University
www.svsu.edu <http://www.svsu.edu> 

 






On Tue, Feb 9, 2016 at 4:28 PM -0800, "Fisch, Neal" <Neal.Fisch () CSUCI EDU> wrote:

 

Good afternoon everyone,

 

In today's world of knowledge workers having a multitude of devices used
for accessing their work data, I would like to know how strict you feel
password policies should be to be able to accommodate this plethora of
devices, accommodate a seamless password change process, and still be
secure.  Items of particular interest are password/access controls
specifically in regards to acceptable timeframes for password resets and
number of failed login attempts.

 

Thanks all!

 

Neal

 

Neal Fisch

Director, Enterprise Services and Security        

Information Security Officer

Division of Technology & Communication

California State University Channel Islands

One University Drive, Camarillo CA 93012

Solano Hall - Room 2178

 

Email:   neal.fisch () csuci edu

Voice:  805-437-3278 | Mobile:  805-443-6529 | Fax:  805-437-3377


 

