Security Basics: Password changes more than once per day

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Password changes more than once per day

From: Bob Kelley <bob_kelley_jr () yahoo com>
Date: 10 Feb 2004 21:32:10 -0000



Can someone please explain the security implications of allowing a user to change their password more than one time per 
day without involving an account administrator? What's the risk ?

I specified the security requirement of not allowing a user to change their password more than once per day for an 
outsourcing project and I am being asked why. I could not remember my reasoning other than it's a requirement for 
microsoft security policies to ensure password history is enforced.  

Thanks!

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

By Date By Thread

Current thread:

Password changes more than once per day Bob Kelley (Feb 10)
- Re: Password changes more than once per day Charlie Fraser (Feb 10)
- Re: Password changes more than once per day bauchi (Feb 10)
- RE: Password changes more than once per day Joey Peloquin (Feb 10)
- <Possible follow-ups>
- RE: Password changes more than once per day Pamela Gott (Feb 10)
- RE: Password changes more than once per day Gene LeDuc (Feb 10)