RE: Password changes more than once per day

From: Gene LeDuc (Gene.LeDuc_at_tns-md.com)
Date: 02/11/04

    To: 'Bob Kelley' <bob_kelley_jr@yahoo.com>
    Date: Tue, 10 Feb 2004 19:07:28 -0500
    
    

    The main reason that I can see is to prevent people from defeating a rule
    such as "you can't use any of your last 12 passwords". If there's no
    minimum password life then I could change my password 12 times in a few
    minutes and then make the final change back to my original. I have users
    who would do this.

    -----Original Message-----
    From: Bob Kelley [mailto:bob_kelley_jr@yahoo.com]
    Sent: Tuesday, February 10, 2004 1:32 PM
    To: security-basics@securityfocus.com
    Subject: Password changes more than once per day

    Can someone please explain the security implications of allowing a user to
    change their password more than one time per day without involving an
    account administrator? What's the risk?

    I specified the security requirement of not allowing a user to change their
    password more than once per day for an outsourcing project and I am being
    asked why. I could not remember my reasoning other than it's a requirement
    for Microsoft security policies to ensure password history is enforced.

    Thanks!
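
The history-cycling workaround described in the reply above, modelled as an added example that is not part of the original thread. The `Account` class, `time_to_reuse`, the sample passwords and the 10-second typing time are all constructed for illustration; the history length of 12 is the figure from the reply.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

class Account:
    """Hypothetical account store: password history plus minimum password age."""

    def __init__(self, password, now, history_len=12, min_age=timedelta(0)):
        self.history_len, self.min_age = history_len, min_age
        self.salt = os.urandom(16)
        self.history = [self._digest(password)]  # oldest first, current last
        self.last_change = now

    def _digest(self, password):
        # History entries are stored as salted PBKDF2 digests, never plaintext.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def change(self, new_password, now):
        """Apply both rules; return (accepted, reason)."""
        if now - self.last_change < self.min_age:
            return False, "minimum age not reached"
        digest = self._digest(new_password)
        if any(hmac.compare_digest(digest, old) for old in self.history):
            return False, "password in history"
        self.history = (self.history + [digest])[-self.history_len:]
        self.last_change = now
        return True, "changed"

def time_to_reuse(min_age, typing_time=timedelta(seconds=10)):
    """Time a user needs to cycle 12 throwaway passwords and restore the original."""
    start = now = datetime(2004, 2, 10, 9, 0)  # constructed start time
    acct = Account("Original#1", now, min_age=min_age)
    for pw in [f"Throwaway#{i}" for i in range(1, 13)] + ["Original#1"]:
        # The user retries as soon as the policy allows the next change.
        now = max(now + typing_time, acct.last_change + min_age)
        accepted, reason = acct.change(pw, now)
        if not accepted:
            raise RuntimeError(reason)
    return now - start

if __name__ == "__main__":
    print("no minimum age:   ", time_to_reuse(timedelta(0)))
    print("one-day minimum:  ", time_to_reuse(timedelta(days=1)))
```

With no minimum age the history rule is bypassed in about two minutes; with a one-day minimum the same cycle takes 13 days, which is what makes the history rule meaningful.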


