CIS News: Slight Revision to Password Policy at Brown

Slight Revision to Password Policy at Brown

Posted on March 20, 2006 09:17 AM

We have modified the Password Policy slightly to discourage the use of desktop "password lists". Saving your passwords in your Web browser's saved password list (or anyplace else on your desktop) can expose the data it protects to anyone else who uses your computer, and possibly to others on the Internet.

The policy change can be reviewed at http://www.brown.edu/cis/policy/password.html, which is linked from http://www.brown.edu/Facilities/CIS/policy/.

Please see the change in section 3.0:

3. All passwords are to be treated as sensitive, confidential information and should therefore never be written down or stored on-line unless adequately secured. Note: Do not use the password storage feature offered on Windows or other operating systems. This feature creates a password file that is vulnerable to hackers.
4. Passwords should not be inserted into email messages or other forms of electronic communication without the consent of IT Security.

Any questions can be directed to ITSecurity@Brown.edu.

[an error occurred while processing this directive]
CIS News « VPN Client 4.9 for Mac \| Main \| Sibelius 4.0 » Slight Revision to Password Policy at Brown Posted on March 20, 2006 09:17 AM We have modified the Password Policy slightly to discourage the use of desktop "password lists". Saving your passwords in your Web browser's saved password list (or anyplace else on your desktop) can expose the data it protects to anyone else who uses your computer, and possibly to others on the Internet. The policy change can be reviewed at http://www.brown.edu/cis/policy/password.html, which is linked from http://www.brown.edu/Facilities/CIS/policy/. Please see the change in section 3.0: 3. All passwords are to be treated as sensitive, confidential information and should therefore never be written down or stored on-line unless adequately secured. Note: Do not use the password storage feature offered on Windows or other operating systems. This feature creates a password file that is vulnerable to hackers. 4. Passwords should not be inserted into email messages or other forms of electronic communication without the consent of IT Security. Any questions can be directed to ITSecurity@Brown.edu.
[an error occurred while processing this directive]