[unisog] Password policies

Gary Flynn flynngn at jmu.edu
Wed Apr 19 17:51:46 GMT 2006


Joseph Brennan wrote:

> Requiring frequent changes only pushes people to writing the passwords
> on sticky notes stuck to their monitors.  Is there any data to support
> the idea that changing every 3 months is better than changing every
> 3 decades?  If a stolen password hasn't been used in a few days, will
> it ever be used?

There is a discussion thread on password expirations on the
Educause SECURITY list archives at:

http://listserv.educause.edu/cgi-bin/wa.exe?A1=ind0604&L=security

Threads 18 and 19

-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2836 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.dshield.org/pipermail/unisog/attachments/20060419/b7102825/smime.bin


More information about the unisog mailing list