Educause Security Discussion mailing list archives
Re: Password aging
From: Jenny Gluck <jsgluck () SYR EDU>
Date: Thu, 8 Jan 2004 12:56:23 -0500
We have a central account management system that manages the passwords on LDAP and NIS directories. We plan to provision NDS and AD in the future. We identified the following rules for our system. ==> The password must be 7 or 8 characters. ==> At least 4 characters must be different, and there cannot be consecutive repeats of characters. ==> The password must include at least one lowercase letter, one number, one uppercase letter, and one non-alphanumeric character. (For example, aab!ccd!, aab!ccd#, and a*a*a*a* would fail, but Abc!jk1!, D1ngd!ng, and B*12fr*g would pass.) ==> The special characters {}<>+~^% are not allowed. ==> A dictionary check that goes down to 2 letter words being checked against a dictionary of words is in place. (We may weaken this to 3 letter words.) ==> We do not use password aging at this time. Jenny -----Original Message----- From: Seruya, Stewart [mailto:stewart () MIAMI EDU] Sent: Wednesday, January 07, 2004 6:29 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password aging I'm trying to get a sense on how many have a university-wide Password policy. Second, do any have a password aging rule? Your input is appreciated. Stewart Seruya University of Miami ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. Jenny S. Gluck Director, Network and System Services Syracuse University 201 Machinery Hall Syracuse, New York 13244 Voice: 315.443.5772 Email: jsgluck () syr edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Password aging Seruya, Stewart (Jan 07)
- <Possible follow-ups>
- Re: Password aging Scott Bradner (Jan 07)
- Re: Password aging Gary Dobbins (Jan 07)
- Re: Password aging Tim Lane (Jan 07)
- Re: Password aging Brian Reilly (Jan 07)
- Re: Password aging Theresa M Rowe (Jan 08)
- Re: Password aging Jane Drews (Jan 08)
- Re: Password aging Paul Younker (Jan 08)
- Re: Password aging Dick Jacobson (Jan 08)
- Re: Password aging Paul Russell (Jan 08)
- Re: Password aging Jenny Gluck (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)
- Re: Password aging Jenny Gluck (Jan 08)
- Re: Password aging Cal Frye (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)
- Re: Password aging Scott Bradner (Jan 08)
- Re: Password aging Cal Frye (Jan 08)
- Re: Password aging Cal Frye (Jan 08)
- Re: Password aging Monday, Kathy (Jan 08)
- Re: Password aging Dan Updegrove (Jan 09)
- Re: Password aging Kevin Shalla (Jan 09)
(Thread continues...)