Educause Security Discussion mailing list archives
Password keepers (was Re: Password policy)
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 1 Nov 2006 15:57:56 -0600
All our administrative accounts for servers and infrastructure are moanaged using PasswordSafe. And I encourage people to use it for any other needs they might have, but we don't insist on wide use, at this time. -jml
dobbins () ND EDU 2006-11-01 13:17 >>>
The thread on PW strength reminds me of a companion question: Is anyone providing recommended cross-platform password-safe tools? Things like PasswordSafe, KeePass, etc. come to mind. These free products are looking very robust, and even have PDA versions, not to mention the commercial options. Since we advise our users to choose different passwords for each of their accounts, enterprise or not, they naturally need something safe to keep them all in (i.e. when the post-it becomes full ;-). Buz Dale wrote:
Hi Brian, I've seen some schools move from a 90 to a 180 and ask for more complexity. Just changing the language from password to passphrase
seems
to have a good effect. Luck, Buz Kellogg, Brian D. wrote:A couple questions: 1. Do most enforce password expirations? I came from a large corporation and they enforced a 90 day password expiration policy. It seemed to have the effect of making passwords
less
secure as most would write them down in obvious places. 2. Do most enforce a strong password policy? 3. Any other recommendations/insights along this line would be
helpful.
Thanks, Brian
-- ------------------------------------------------------------ Gary Dobbins, CISSP -- Director, Information Security University of Notre Dame, Office of Information Technologies
Current thread:
- Password keepers (was Re: Password policy) Gary Dobbins (Nov 01)
- <Possible follow-ups>
- Password keepers (was Re: Password policy) John Ladwig (Nov 01)
- Re: Password keepers (was Re: Password policy) Russell Fulton (Nov 01)
- Re: Password keepers (was Re: Password policy) Jeff Giacobbe (Nov 02)