Re: Password changes more than once per day

From: Charlie Fraser (fraserc_at_mail.montclair.edu)
Date: 02/11/04

  • Next message: Gene LeDuc: "RE: Password changes more than once per day"
    Date: Tue, 10 Feb 2004 19:06:48 -0500
    To: Bob Kelley <bob_kelley_jr@yahoo.com>
    
    

    Bob, IMHO even once a day is too often. Having this policy in place puts
    a natural check and balance to alert the security and IT staff that
    there may be a security problem. If a user needs to change their
    password more than once a week something is going on. What is the user's
    rational to this request? Just curious.

    Charlie

    Bob Kelley wrote:

    >Can someone please explain the security implications of allowing a user to change their password more than one time per day without involving an account administrator? What's the risk ?
    >
    >
    >
    >I specified the security requirement of not allowing a user to change their password more than once per day for an outsourcing project and I am being asked why. I could not remember my reasoning other than it's a requirement for microsoft security policies to ensure password history is enforced.
    >
    >
    >
    >Thanks!
    >
    >---------------------------------------------------------------------------
    >Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    >
    >Protect your network with the comprehensive security solution that
    >integrates six applications for ease of use and lower TCO.
    >
    >Firewall - Virus protection - Spam protection - URL blocking - VPN
    >- Wireless security.
    >
    >Download 30-day evaluation at:
    >http://www.astaro.com/php/contact/securityfocus.php
    >----------------------------------------------------------------------------
    >
    >
    >

    -- 
    Charlie Fraser
    Systems Engineer MCSE, CCEA, A+
    Montclair State University
    973-655-7868
    fraserc@mail.montclair.edu
    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.
    Download 30-day evaluation at:
    http://www.astaro.com/php/contact/securityfocus.php
    ----------------------------------------------------------------------------
    

  • Next message: Gene LeDuc: "RE: Password changes more than once per day"