Hi Guys,
I am about to implement a password policy that calls for password expiration
every 30 days. I have run my policy by a small group of faculty and found
that this (as I suspected) is the only point of contention in the policy.
From a security stand point this is absolutely essential for a number of
reasons, and I have explained these reasons but still get guff.
For some reason stating "department x has this same policy" or "x % of the
departments on campus already do this" works far better than logical
explanations... So I was wondering if anyone in NAG'Land would mind sharing
what they are doing for departmental password policies.
Thank you.
,--------------------------------------------+-----------------------------,
| Bryan Murphy, CISSP | [log in to unmask] |
| Information Technology Coordinator | 517.432.5939 w |
| MSU Plant Research Lab & Plant Biology | 517.355.1926 fax |
| 132a Plant Biology Bldg. | http://infotech.prl.msu.edu |
'--------------------------------------------+-----------------------------'
|