Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Passwords: To Age or not to Age?
CIO Digest - 21 Oct 2013 to 23 Oct 2013 (#2013-266)********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
At the insistence of our auditors, we have a 120-day password expiration policy at our institution. We also enforce password complexity requirements and account lockouts after a certain number of failed login attempts. Our password aging policy is quite unpopular at our institution and our users take all sorts of measures like minor sequential number increments to cope. Who can blame them?
We have been researching this recently and the evidence seems mixed. There seems to be as good evidence showing the value of password aging as there is evidence showing that it is a big waste of time. I’d like to hear how you folks are handling this question.
Chief Technology Officer
The Juilliard School