For some reasons that you might want to reconsider this, see:
http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/
and
http://www.smat.us/sanity/expharmful.html
Why do you think a 30-day expiration "is absolutely essential"?
> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of Bryan Murphy
> Sent: Tuesday, May 16, 2006 11:47 AM
> To: [log in to unmask]
> Subject: [MSUNAG] Password Expiration Policies
>
> Hi Guys,
>
> I am about to implement a password policy that calls for
> password expiration every 30 days. I have run my policy by a
> small group of faculty and found that this (as I suspected)
> is the only point of contention in the policy.
>
> From a security stand point this is absolutely essential for
> a number of reasons, and I have explained these reasons but
> still get guff.
>
> For some reason stating "department x has this same policy"
> or "x % of the departments on campus already do this" works
> far better than logical explanations... So I was wondering if
> anyone in NAG'Land would mind sharing what they are doing for
> departmental password policies.
>
> Thank you.
>
> ,--------------------------------------------+----------------
> -------------,
> | Bryan Murphy, CISSP |
> [log in to unmask] |
> | Information Technology Coordinator |
> 517.432.5939 w |
> | MSU Plant Research Lab & Plant Biology |
> 517.355.1926 fax |
> | 132a Plant Biology Bldg. |
> http://infotech.prl.msu.edu |
> '--------------------------------------------+----------------
> -------------'
>
|