For some reasons that you might want to reconsider this, see: http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/ and http://www.smat.us/sanity/expharmful.html Why do you think a 30-day expiration "is absolutely essential"? > -----Original Message----- > From: MSU Network Administrators Group > [mailto:[log in to unmask]] On Behalf Of Bryan Murphy > Sent: Tuesday, May 16, 2006 11:47 AM > To: [log in to unmask] > Subject: [MSUNAG] Password Expiration Policies > > Hi Guys, > > I am about to implement a password policy that calls for > password expiration every 30 days. I have run my policy by a > small group of faculty and found that this (as I suspected) > is the only point of contention in the policy. > > From a security stand point this is absolutely essential for > a number of reasons, and I have explained these reasons but > still get guff. > > For some reason stating "department x has this same policy" > or "x % of the departments on campus already do this" works > far better than logical explanations... So I was wondering if > anyone in NAG'Land would mind sharing what they are doing for > departmental password policies. > > Thank you. > > ,--------------------------------------------+---------------- > -------------, > | Bryan Murphy, CISSP | > [log in to unmask] | > | Information Technology Coordinator | > 517.432.5939 w | > | MSU Plant Research Lab & Plant Biology | > 517.355.1926 fax | > | 132a Plant Biology Bldg. | > http://infotech.prl.msu.edu | > '--------------------------------------------+---------------- > -------------' >