Re: Password aging

[Jenny Gluck <jsgluck () SYR EDU>]

We have a central account management system that manages the passwords on LDAP and NIS directories. We plan to 
provision NDS and AD in the future. We identified the following rules for our system.

==> The password must be 7 or 8 characters. 

==> At least 4 characters must be different, and there cannot be consecutive repeats of characters. 

==> The password must include at least one lowercase letter, one number, one uppercase letter, and one non-alphanumeric 
character.
(For example, aab!ccd!, aab!ccd#, and a*a*a*a* would fail, but Abc!jk1!, D1ngd!ng, and B*12fr*g would pass.) 

==> The special characters {}<>+~^% are not allowed. 

==>  A dictionary check that goes down to 2 letter words being checked against a dictionary of words is in place. (We 
may weaken this to 3 letter words.)  

==> We do not use password aging at this time.

Jenny

-----Original Message-----
From: Seruya, Stewart [mailto:stewart () MIAMI EDU] 
Sent: Wednesday, January 07, 2004 6:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU 
Subject: [SECURITY] Password aging



I'm trying to get a sense on how many have a university-wide Password
policy.  Second, do any have a password aging rule?  

Your input is appreciated.  

Stewart Seruya

University of Miami

********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Jenny S. Gluck
Director, Network and System Services
Syracuse University
201 Machinery Hall
Syracuse, New York
13244

Voice: 315.443.5772
Email: jsgluck () syr edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.