Password keepers (was Re: Password policy)

[John Ladwig <John.Ladwig () CSU MNSCU EDU>]

All our administrative accounts for servers and infrastructure are
moanaged using PasswordSafe.

And I encourage people to use it for any other needs they might have,
but we don't insist on wide use, at this time.

   -jml

> > > dobbins () ND EDU 2006-11-01 13:17 >>>
The thread on PW strength reminds me of a companion question:

Is anyone providing recommended cross-platform password-safe tools?
Things like PasswordSafe, KeePass, etc. come to mind.

These free products are looking very robust, and even have PDA
versions,
  not to mention the commercial options.

Since we advise our users to choose different passwords for each of
their accounts, enterprise or not, they naturally need something safe
to
keep them all in (i.e. when the post-it becomes full ;-).


Buz Dale wrote:
> Hi Brian,
>  I've seen some schools move from a 90 to a 180 and ask for more
> complexity. Just changing the language from password to passphrase
seems
> to have a good effect.
> Luck,
> Buz
>
> Kellogg, Brian D. wrote:
> > A couple questions:
> >
> >
> >
> >    1. Do most enforce password expirations?  I came from a large
> >       corporation and they enforced a 90 day password expiration
> >       policy.  It seemed to have the effect of making passwords
less
> >       secure as most would write them down in obvious places.
> >    2. Do most enforce a strong password policy?
> >    3. Any other recommendations/insights along this line would be
helpful.
> > Thanks,
> >
> >
> >
> > Brian

--

   ------------------------------------------------------------
   Gary Dobbins, CISSP -- Director, Information Security
   University of Notre Dame, Office of Information Technologies