Hi Guys, I am about to implement a password policy that calls for password expiration every 30 days. I have run my policy by a small group of faculty and found that this (as I suspected) is the only point of contention in the policy. From a security stand point this is absolutely essential for a number of reasons, and I have explained these reasons but still get guff. For some reason stating "department x has this same policy" or "x % of the departments on campus already do this" works far better than logical explanations... So I was wondering if anyone in NAG'Land would mind sharing what they are doing for departmental password policies. Thank you. ,--------------------------------------------+-----------------------------, | Bryan Murphy, CISSP | [log in to unmask] | | Information Technology Coordinator | 517.432.5939 w | | MSU Plant Research Lab & Plant Biology | 517.355.1926 fax | | 132a Plant Biology Bldg. | http://infotech.prl.msu.edu | '--------------------------------------------+-----------------------------'