Let’s start a movement!
In spring 2009 I published an article in the Hoosier Banker magazine.
The article, entitled “Sometimes Say Never,” was a slightly humorous “manifesto” about the illusion of password aging as a control.
The issue seems to be rising again. It came up in a meeting with a client who forwarded me a link to another great article about password aging, by Christopher Null (the technology writer for Yahoo! News.) This one cites recent studies!
Meanwhile I’m hearing from people who have discovered my post. Not one e-mail has pointed out something I might be missing in terms of my reasoning. They are all saying “exactly” and “right on.”
We auditors are still compelled to require at least 90 days, because we don’t want another auditor to come behind us and ding our clients for not following that practice. If you digg these articles, maybe we can change the mentality rather than our passwords!
At the least, you now have at least two articles to hand out in your next examination exit interview!
Dan Hadaway CISA, CISM
Leave a comment
Many organizations spend time and money deploying endpoint protection, then think the Read more
Some small organizations continue to use customer data to generate initial passwords, Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
Risk isn’t the only thing to consider when planning a decision tree. Another one of t Read more