Re: Password changes more than once per day

From: bauchi (lists_at_bauchi.de)
Date: 02/11/04

    Date: Wed, 11 Feb 2004 01:02:34 +0100
    To: Bob Kelley <bob_kelley_jr@yahoo.com>
    
    

    BK> Can someone please explain the security implications of allowing a user to change their password more than one time per day without involving an account administrator? What's the risk?

    BK> I specified the security requirement of not allowing a user to change their password more than once per day for an outsourcing project and I am being asked why. I could not remember my reasoning
    BK> other than it's a requirement for Microsoft security policies to ensure password history is enforced.

    BK> Thanks!

    hi bob,

    one of the reasons we did this is that our policy says:
    remember the last 3 passwords of this user and do not accept
    passwords based on the last 3 used.
    if the user can change his password whenever/how often 'HE/SHE' wants, he
    could cycle through 3 passwords within 2 minutes and at the fourth time use his old
    password. and that's not wanted ;)

    hth
    basti
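
The interaction between password history and minimum password age described in the reply above, as an added simulation that is not part of the original message. `Account`, `try_cycle`, the sample password and the dates are constructed for illustration, and the history is assumed to count the current password among the last 3 used, which matches the count given in the reply.

```python
from datetime import datetime, timedelta

class Account:
    """Toy account: remembers the last `history` passwords used, with an optional minimum age."""
    def __init__(self, password, changed_at, history=3, min_age=timedelta(0)):
        # Plaintext is kept only to keep the simulation short; a real system compares salted hashes.
        self.used = [password]            # passwords used so far, current one last
        self.changed_at = changed_at
        self.history = history
        self.min_age = min_age

    @property
    def current(self):
        return self.used[-1]

    def change(self, new, now):
        """Apply the policy; return "ok" or the reason for rejection."""
        if now - self.changed_at < self.min_age:
            return "rejected: minimum password age not reached"
        if new in self.used[-self.history:]:
            return "rejected: one of the last %d passwords" % self.history
        self.used.append(new)
        self.changed_at = now
        return "ok"

def try_cycle(min_age, every, window):
    """Attempt the cycle from the post: three throwaway passwords, then the old one again.
    One attempt is made each `every` until `window` has passed.
    Returns (old_password_restored, time_of_last_accepted_change)."""
    start = datetime(2004, 2, 11, 9, 0)   # constructed sample date
    old = "Winter2003!"                   # constructed sample password
    acct = Account(old, start - timedelta(days=90), history=3, min_age=min_age)
    wanted = ["tmp-1", "tmp-2", "tmp-3", old]
    now, last_ok = start, None
    while wanted and now - start <= window:
        if acct.change(wanted[0], now) == "ok":
            wanted.pop(0)
            last_ok = now - start
        now += every
    return (not wanted, last_ok)

if __name__ == "__main__":
    half_min, two_min, day = timedelta(seconds=30), timedelta(minutes=2), timedelta(days=1)
    print("no minimum age, 2 minutes:  ", try_cycle(timedelta(0), half_min, two_min))
    print("1-day minimum age, 2 minutes:", try_cycle(day, half_min, two_min))
    print("1-day minimum age, 1 week:  ", try_cycle(day, day, timedelta(days=7)))
```

With no minimum age the old password is back in use after 90 seconds; with a one-day minimum age the same cycle takes three days, so the history length multiplied by the minimum age is the real cost of reuse.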
