Firewall Wizards mailing list archives

Re: password aging


From: HASSAN.KARIM () chase com
Date: Wed, 19 Aug 1998 15:09:50 -0400

Actually...
This is the policy in a lot of banks. However, I've been hard-pressed to find
a Unix implementation that does this. If I'm not mistaken, I've heard of
something but I can't remember the name.

-Hassan





Adam Shostack <adam @ weathership.homeport.org> on 08/18/98 05:57:23 PM

Please respond to Adam Shostack <adam () weathership homeport org>


To:   firewall-wizards @ nfr.net
cc:    (bcc: Hassan Karim/CHASE)
Subject:  password aging




     Various people assert that it's a good idea to maintain a
history of user passwords so that they can't change their password to
a previous password.  However, I'm having trouble finding a reference
to this in the literature that examines the issue of how many
passwords to save and why.  The lime green book (password management)
says not to let the user use their previous password, but doesn't go
into storing a history.
     Does anyone know of a paper on, or that discusses, this topic,
and how or why to pick various values of N?
Adam





