Let’s start a movement!
In spring 2009 I published an article in the Hoosier Banker magazine.
The article, entitled “Sometimes Say Never,” was a slightly humorous “manifesto” about the illusion of password aging as a control.
The issue seems to be rising again. It came up in a meeting with a client who forwarded me a link to another great article about password aging, by Christopher Null (the technology writer for Yahoo! News.) This one cites recent studies!
Meanwhile I’m hearing from people who have discovered my post. Not one e-mail has pointed out something I might be missing in terms of my reasoning. They are all saying “exactly” and “right on.”
We auditors are still compelled to require at least 90 days, because we don’t want another auditor to come behind us and ding our clients for not following that practice. If you digg these articles, maybe we can change the mentality rather than our passwords!
At the least, you now have at least two articles to hand out in your next examination exit interview!
Dan Hadaway CISA, CISM
Leave a comment
We have recently made a significant change to our Incident Response Policy regarding Read more
Even if you haven’t ever used Facebook, your friends and family may have already let Read more
Just in time for the next round of SOC reviews, we’ve reviewed and updated our metric Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more