Security Basics mailing list archives

RE: Password changes more than once per day

From: Pamela Gott <PGott () Ceon com>
Date: Tue, 10 Feb 2004 15:55:15 -0800

Being able to change a password more than once a day would allow the user to
bypass the password history. If you have the password history set to 5 a
user could change his password 5 times in a row on the same day and then on
the 6 time change it back to his original password. If they are allowed to
do this - no use in setting a password history. By not allowing them to
change it more than once a day deters this behavior.

Pamela Gott 


As soon as you trust yourself, you will know how to live.
Johann Wolfgang von Goethe



-----Original Message-----
From: Bob Kelley [mailto:bob_kelley_jr () yahoo com]
Sent: Tuesday, February 10, 2004 1:32 PM
To: security-basics () securityfocus com
Subject: Password changes more than once per day




Can someone please explain the security implications of allowing a user to
change their password more than one time per day without involving an
account administrator? What's the risk ?



I specified the security requirement of not allowing a user to change their
password more than once per day for an outsourcing project and I am being
asked why. I could not remember my reasoning other than it's a requirement
for microsoft security policies to ensure password history is enforced.  



Thanks!

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

Current thread:

Password changes more than once per day Bob Kelley (Feb 10)
- Re: Password changes more than once per day Charlie Fraser (Feb 10)
- Re: Password changes more than once per day bauchi (Feb 10)
- RE: Password changes more than once per day Joey Peloquin (Feb 10)
- <Possible follow-ups>
- RE: Password changes more than once per day Pamela Gott (Feb 10)
- RE: Password changes more than once per day Gene LeDuc (Feb 10)
- RE: Password changes more than once per day Josh Mills (Feb 11)
- Re: Password changes more than once per day bsec (Feb 11)
- RE: Password changes more than once per day Gene LeDuc (Feb 12)