There was a similar post in one of the LinkedIn security forums several weeks ago, where the same conclusion was drawn.

It is generally pretty easy to pick out the USERS and the ADMINS in the list. The users hate having to change their passwords, and Admins want to force them to change it as often as possible. In that "debate" it got kind of ugly with the name calling, etc.

My primary take on it is, if a user's password is compromised and they are not forced to change it from time to time, whoever has the compromised password is going to have free rein of your network as long as that password is not changed. So as long as passwords are used for authentication they need to be changed periodically. How often, that is up for debate.

Mike

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Dave Lum
Sent: Monday, April 25, 2016 6:56 PM
To: ntsys...@lists.myitforum.com
Subject: [NTSysADM] Password expiring debate on patch management

Anyone see the debate on the Patch management list, driven by this:

https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry

I don't even know how it's a debate other than the desired frequency (no one-size-fits-all on that IMO). Even six months is far better than never. With expiring passwords you at bare minimum mitigate employees that leave.

David Lum
Systems Administrator III
P: 503.943.2500
E: l...@ochin.org
A: 1881 SW Naito Parkway, Portland, OR 97201
www.ochin.org