Educause Security Discussion mailing list archives
Re: Password Policies for today's knowledge worker
From: Von Welch <von () VONWELCH COM>
Date: Wed, 10 Feb 2016 13:15:32 +0000
You touch on the fundamental issue in your question: For the majority of cases, we are no longer authenticating people, we're authenticating devices which are authorized by people. IAM needs to make the shift to include devices as first-class end points, then polices can follow. E.g. why should I and the Mail app on my tablet share a password? Von On Tue, Feb 9, 2016, 7:28 PM Fisch, Neal <Neal.Fisch () csuci edu> wrote:
Good afternoon everyone, In today’s world of knowledge workers having a multitude of devices used for accessing their work data, I would like know how strict you feel password policies should be to be able to accommodate this plethora of devices, accommodate a seamless password change process, and still be secure. Items of particular interest are password/access controls specifically in regards to acceptable timeframes for password resets and number of failed login attempts. Thanks all! Neal Neal Fisch Director, Enterprise Services and Security Information Security Officer Division of Technology & Communication California State University Channel Islands One University Drive, Camarillo CA 93012 Solano Hall – Room 2178 Email: neal.fisch () csuci edu Voice: 805-437-3278 *|* Mobile: 805-443-6529 *|* Fax: 805-437-3377 [image: EXT_IS]
Current thread:
- Re: Password Policies for today's knowledge worker, (continued)
- Re: Password Policies for today's knowledge worker Julie Journitz (Feb 09)
- Re: Password Policies for today's knowledge worker Larry K. Emmons (Feb 10)
- Re: Password Policies for today's knowledge worker Matthew Trump (Feb 10)
- Re: Password Policies for today's knowledge worker Shalla, Kevin (Feb 10)
- Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 10)
- Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 10)
- Re: Password Policies for today's knowledge worker Thomas Carter (Feb 10)
- Re: Password Policies for today's knowledge worker Jones, Mark B (Feb 09)