[unisog] Password policies

Gary Flynn flynngn at jmu.edu
Wed Apr 19 17:51:46 GMT 2006

Joseph Brennan wrote:

> Requiring frequent changes only pushes people to writing the passwords
> on sticky notes stuck to their monitors.  Is there any data to support
> the idea that changing every 3 months is better than changing every
> 3 decades?  If a stolen password hasn't been used in a few days, will
> it ever be used?

There is a discussion thread on password expirations on the
Educause SECURITY list archives at:


Threads 18 and 19

Gary Flynn
Security Engineer
James Madison University
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2836 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.dshield.org/pipermail/unisog/attachments/20060419/b7102825/smime.bin

More information about the unisog mailing list