Let’s start a movement!

In spring 2009 I published an article in the Hoosier Banker magazine.

The article, entitled “Sometimes Say Never,” was a slightly humorous “manifesto” about the illusion of password aging as a control.

The issue seems to be rising again.  It came up in a meeting with a client who forwarded me a link to another great article about password aging, by Christopher Null (the technology writer for Yahoo! News.)  This one cites recent studies!

Meanwhile I’m hearing from people who have discovered my post.  Not one e-mail has pointed out something I might be missing in terms of my reasoning.  They are all saying “exactly” and “right on.”

We auditors are still compelled to require at least 90 days, because we don’t want another auditor to come behind us and ding our clients for not following that practice.  If you digg these articles, maybe we can change the mentality rather than our passwords!

At the least, you now have at least two articles to hand out in your next examination exit interview!

Posted by:
Dan Hadaway CISA, CISM
Chief Instigator

Related Posts

Considerations – Why you should choose infotex, Inc. as your next MSOC!

Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to offerings.infotex.com! We even made a movie with all the reasons why infotex...

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...