Implementing "Password Never Expires" – Process, Documentation and Risk Assessments
Authors: Alme Santic, Camilla Lyngedal

Date: November 20 2018
Publication: PasswordsCon 2018 Stockholm
Source: Currently no known Internet copy of paper.

Abstract or Summary:

Sykehuspartner, the ICT provider for Norway’s largest regional health care trust, recently chose to implement a voluntary “password never expires” policy, as proposed by NIST SP 800-63B. Why? And what happened?

In this presentation, Camilla Lyngedal and Almedin Santic will explain the business needs behind the change in policy, and which benefits Sykehuspartner hopes to achieve by implementing “password never expires” – and will share the preliminary results so far.

The presentation will focus on process, involvement and risk – and the inherent privacy issues related to performing password strength verification.

Camilla Lyngedal is a security advisor in Sykehuspartner, working with policy, process and risk. She believes that awareness is key to better information security, and works every day to impact her colleagues.

Almedin Santic is part of the Sykehuspartner in-house information security auditing team. He has more than 6 years of experience within audits and advisory in governmental organizations. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019