Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Passwords & Passphrases

From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Mon, 19 Nov 2007 21:38:31 -0700
At 11:48 AM 11/19/2007 -0600, Brian T Nichols wrote:

Does anyone have a standard and/or policy they can share?


     My "draft" standard is at
<http://security.engr.arizona.edu/Standards/IS-s200_Password_Standard.pdf>.
It's been approved by the IT board but I haven't had time to update
the document, start communicating the change from 8 to 12 characters
to the users or anything else.

     Have you see Mark Burnett's book "Perfect Passwords: Selection,
Protection, Authentication" or his passphrase generator Pafwert
<http://xato.net/bl/2007/01/30/pafwert-smarter-passwords>?  What do
you think of
        C:\work\resume.pdf
        Santa () WestPole gov
        7 is VII = 3+4
for passwords?  We can "think outside the box" when it comes to
passwords.  See also <http://security.engr.arizona.edu/Library/Passwords.shtm>.
-Eric

Trivia?  Is the oldest passphrase "Open, says me!" from "Ali Baba and
the Forty Thieves?"




Eric Case, CISSP  <ecase () Arizona edu>
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436
Previous By Date Next
Previous By Thread Next

Current thread: