Observations on this post
1-Keeping a record of a password would compromise the integrity of the
password which violate basic tenets of security protocol as there should
be alternatives to access systems.
2-I am not aware of any regulatory reason to retain passwords
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Gerry McFatridge
Sent: Thursday, September 11, 2008 9:07 AM
To: [log in to unmask]
Subject: Re: Scheduling passwords
I don't know why you would keep old passwords as records but in light of
recent events in San Francisco I can see that it makes sense to keep a
record of current administrator or "root" or "super user" passwords.
Maybe even store them in those kind of plastic holders you see in the
movies which they crack open to get missile launch codes <grin>
Many systems automatically prompt/expire passwords on a periodic basis
(every 6 months, 12 months, whatever)so I guess retention could just
follow that cycle.
On systems that use some sort of biometric input or swiped card in lieu
of a manually typed password that info would not be quite as perishable
and would be stored in the system itself. I guess retention could follow
the tenure of the employee or replacement of a lost card. Actually, on
those sort of systems I don't even know if you could get that password
info out to store it elsewhere as a record.
Interesting question.
To answer the question though - no we don't keep passwords as records.
Gerry
Va Beach, VA
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Baareman, Todd
Sent: Thursday, September 11, 2008 8:34 AM
To: [log in to unmask]
Subject: Re: Scheduling passwords
What would be the reasoning to retain past passwords? I don't see the
business or legal reasoning for doing this. I am open to being
enlightened!
Todd Baareman | Records Management | Steelcase Inc. | 616.246.9581
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Berdahl, Siri (LVA)
Sent: Thursday, September 11, 2008 8:16 AM
To: [log in to unmask]
Subject: Scheduling passwords
Good morning,
I am interested in finding out whether any of your organizations
schedule computer passwords as records (i.e. system administrator
passwords). If so, what is your reasoning for doing so and how did you
arrive at a retention period?
Thank you in advance for any replies.
Siri Berdahl
Electronic Records Analyst
The Library of Virginia
800 East Broad Street
Richmond, VA 23219-8000
[log in to unmask]
P: 804-692-3768
F: 804-692-3603
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance To unsubscribe
from this list, click the below link. If not already present, place
UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance To unsubscribe
from this list, click the below link. If not already present, place
UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance To unsubscribe
from this list, click the below link. If not already present, place
UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
