Educause Security Discussion mailing list archives

Re: Password aging


From: Scott Bradner <sob () HARVARD EDU>
Date: Thu, 8 Jan 2004 13:51:23 -0500

- We had to limit our special case characters, because one or more of the
active systems (e.g. operating systems, applications, and databases) would
not allow those specific special characters as part of their password.

sad to hear that

- We also discovered some systems would not handle the longer password
length, which forced us to set the 8 character limit.

meaning that the systems did not truncate the string the user typed in?

what we do here (at least on the central PIN server) is truncate the
string the user types in when they set the passwd and only check
the 1st 8 characters when verifying - while I've seen a few systems
poorly programmed enough to not know how to truncate the input
string, they are rare and it seems a shame to make the world harder for
the users because of a few poor programmers

Scott
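
The truncate-on-set, compare-first-8 behaviour described in this message, sketched as an added example (not part of the original post and not the PIN server's code). The function names, the PBKDF2 storage and the sample passwords are assumptions made for illustration; the point it shows is that characters after the eighth are accepted but never checked.

```python
import hashlib
import hmac
import os

MAX_LEN = 8  # significant characters, as in the scheme described above


def _digest(password: str, salt: bytes) -> bytes:
    # Truncate by characters *before* encoding so set and verify always agree,
    # even for multi-byte input.
    significant = password[:MAX_LEN].encode("utf-8")
    # PBKDF2 is an assumption of this example, not the original system's storage.
    return hashlib.pbkdf2_hmac("sha256", significant, salt, 100_000)


def set_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for storage; only the first MAX_LEN chars count."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def verify_password(candidate: str, record: tuple[bytes, bytes]) -> bool:
    """Compare only the first MAX_LEN characters of the candidate."""
    salt, stored = record
    return hmac.compare_digest(_digest(candidate, salt), stored)


def strict_backend_accepts(password: str) -> bool:
    """Hypothetical backend that rejects over-long input instead of truncating."""
    return len(password) <= MAX_LEN


def demo() -> dict:
    record = set_password("correct horse battery")  # constructed sample
    return {
        "same_long": verify_password("correct horse battery", record),
        "prefix_only": verify_password("correct ", record),
        "other_tail": verify_password("correct giraffe", record),
        "wrong_prefix": verify_password("Correct horse battery", record),
        "strict_long": strict_backend_accepts("correct horse battery"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
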

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
