From: Kevin W. Wall <[email protected]>

>Or whatever. The misconception is of course, that this
>truly is "best practice". Pretty sure that it's some CYA
>policy along this line that is driving this. And IT has learned
>it's just easier to implement whatever legal requests than to
>argue the rationality of the decision with their legal department.

Legal is staffed by lawyers, whose first or second concern is mitigation of risk to the organization, and whose second or first concern is mitigation of risk to the lawyer making the calls. If IT says passwords should be changed every thirty days, Legal is gonna say that passwords should be changed every thirty days.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
