[unisog] Password Expiration Policy

Les Mitchell mitchell at usq.edu.au
Sun Oct 14 01:58:56 GMT 2007

Yes, 30 minutes, can also contact Service Desk during business operating
hours for faster reactivation. A long standing request for regular reports
that cover locked out accounts is just about in place. This should allow
any patterns to be more obvious.

(I should also check with the admins, it is possible that the lockout
counter may also reset after 30 minutes i.e. If there were 4 incorrect
attempts, then the next attempt was not until after 30 minutes later)

To my knowledge there have not been any major cases where people's accounts
have been locked out (DoS). However, in the past audits identified that some
privileged account owners deactivated the policy for their own accounts, but
the policy is now reinforced more often.

Another thought that came to me after the initial post. Having the password
protected screensaver kick in, might help people learn their new password
faster, and reduce the number of sticky notes under keyboards? Only


On 13/10/07 9:03 AM, "Alan Rothenbush" <alan at sfu.ca> wrote:

> On October 12, 2007 03:09 pm, Les Mitchell wrote:
>> Account lockout after 5 contiguous incorrect attempts
> What's your account lockout timeout ?  (I'm assuming an automatic re-enable).
> Alan

This email (including any attached files) is confidential and is for the
intended recipient(s) only.  If you received this email by mistake,
please, as a courtesy, tell the sender, then delete this email.

The views and opinions are the originator's and do not necessarily
reflect those of the University of Southern Queensland.  Although all
reasonable precautions were taken to ensure that this email contained no
viruses at the time it was sent we accept no liability for any losses
arising from its receipt.

The University of Southern Queensland is a registered provider of
education with the Australian Government (CRICOS Institution Code No's.
QLD 00244B / NSW 02225M)

More information about the unisog mailing list