Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Mon, 19 Nov 2007 12:32:50 -0600
Our current policy is: Minimum of 8 characters At least one uppercase, lowercase, and number Cannot reuse the last 10 passwords (There are ways around this though) We currently force password changes each semester, but are moving to every 90 days May not contain the users account name I have been working on a (personal) project that will be implemented with the above. When a user goes to change their password they will not be able to use one that has been cracked or pre-generated. Essentially there will not be as many easily guessed passwords, so no "Password1" or "ThisSucks1". -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator OTC Computer Networking (417) 447-7535 ________________________________ From: Brian T Nichols [mailto:bnichols () LSU EDU] Sent: Monday, November 19, 2007 11:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Passwords & Passphrases Colleagues, We are researching best practices regarding passwords and passphrases (length, complexity, expiration, etc..). Does anyone have a standard and/or policy they can share? Thanks in advance! -Brian Brian Nichols, CISSP, CISM, CISA, CIA Chief IT Security & Policy Officer Louisiana State University
Current thread:
- Passwords & Passphrases Brian T Nichols (Nov 19)
- <Possible follow-ups>
- Re: Passwords & Passphrases Torres, Juan (Nov 19)
- Re: Passwords & Passphrases J. Alex Campoe (Nov 19)
- Re: Passwords & Passphrases Roger Safian (Nov 19)
- Re: Passwords & Passphrases HALL, NATHANIEL D. (Nov 19)
- Re: Passwords & Passphrases Randy Marchany (Nov 19)
- Re: Passwords & Passphrases Randy Marchany (Nov 19)
- Re: Passwords & Passphrases Steve Worona (Nov 19)
- Re: Passwords & Passphrases Julian J Thompson (jthmpsn2) (Nov 19)
- Re: Passwords & Passphrases Bob Bayn (Nov 19)
- Re: Passwords & Passphrases Julian J Thompson (jthmpsn2) (Nov 19)
- Re: Passwords & Passphrases Shane Bishop (Nov 19)
- Re: Passwords & Passphrases Sweeny, Jonny (Nov 19)
- Re: Passwords & Passphrases Shane Bishop (Nov 19)
- Re: Passwords & Passphrases Martin Manjak (Nov 19)
(Thread continues...)