[KLUG Members] Passwd help

Tony Gettig members@kalamazoolinux.org
Mon, 20 Oct 2003 13:22:11 -0400

I 100% agree with everything Adam has said. I work for a school district too,
and if anything, better password security is needed, not less. There are a LOT
of legal ramifications to this (FERPA, HIPAA, etc.). Make it easier for the bad
guys (which is sometimes your students) and you're widening an already big
security hole (end users).

Do you have a security policy adopted by your board? If so, does this decision
for less secure passwords line up with it? As Adam mentioned, what does the
attorney for the district think of this? 

SANS is putting together a "Security Awareness" web-based training for users. In
their demo, they have a GREAT true story of why secure passwords are important. 


Probably the saddest thing is that it appears network security is not modeled
from the top down in your district. :(

Tony Gettig

Quoting Adam Williams <awilliam@whitemice.org>:

> > GAAH... I am feeling blind.
> > I can't for the life of me figure out how to change the password
> > requirements for passwd. The Superintendent of the schools is telling us
> > to allow less secure passwords.
> <RANT: Obligatory>
> *LESS*?  Is the moron on crack?  Itching to get the system exploited or
> eager to get sued when someone acquires personal information about
> another user they aren't supposed to have access to?  That can get
> *NASTY*. Has he talked to the lawyers about this?  You're going to say to
> the auditor, "Yeah, our security policies are a joke, but that's on
> purpose."
> </RANT>

Tony Gettig
Voiceovers, PGP key, and more at