Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Passwords & Passphrases

From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Mon, 19 Nov 2007 15:44:02 -0600
At 02:01 PM 11/19/2007, Martin Manjak put fingers to keyboard and wrote:

move beyond 8 characters with mixed case and special characters. I would
like to see us require a 15 character pass phrase which, in my view, is
more secure (even without complexity), and both easier to type and
remember.


Personally I'd love to see a password minimum length of 15 characters.

My fear is that a password database get's compromised, and the weak
passwords are cracked and bad things take place.  I think that 15
characters is a long enough string to make brute force cracking
time consuming enough to allow us to change the passwords in
a reasonable time-frame.

I think the reality is that 15 characters will be too much for
the community.  We'll see.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
Previous By Date Next
Previous By Thread Next

Current thread: