Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Wed, 21 Nov 2007 17:32:51 -0700
At 04:35 PM 11/20/2007 -0500, Andrea Beesing wrote:
I am sending you a link to an interim policy which includes information about our current password standard. When we implemented the password complexity rules we chose not to include password aging/expiration. It's very possible that this decision could be revisited in the future as we refine our approach to data classification and security. http://www.cit.cornell.edu/policy/interim/AuthenticationITR.html
It says "The password must never be shared, written down, or stored in electronic form." Does that mean programs like Password Safe can't be used to store an encrypted password? What about the authentication itself? It stores the encrypted password in electronic form. -Eric Eric Case, CISSP <ecase () Arizona edu> Information Security Officer College of Engineering <http://www.Engr.Arizona.edu> 1127 E James E. Rogers Way Room 200 Tucson, AZ 85721-0020 Mobile Phone 520-275-6436
Current thread:
- Re: Passwords & Passphrases, (continued)
- Re: Passwords & Passphrases Roger Safian (Nov 20)
- Re: Passwords & Passphrases Harold Winshel (Nov 20)
- Re: Passwords & Passphrases Steven Alexander (Nov 20)
- Re: Passwords & Passphrases John Ladwig (Nov 20)
- Re: Passwords & Passphrases Ozzie Paez (Nov 20)
- Re: Passwords & Passphrases David Harley (Nov 20)
- Re: Passwords & Passphrases Zach Jansen (Nov 20)
- Re: Passwords & Passphrases Gary Flynn (Nov 20)
- Re: Passwords & Passphrases Matthew Gracie (Nov 20)
- Re: Fwd: Passwords & Passphrases Andrea Beesing (Nov 20)
- Re: Passwords & Passphrases Eric Case (Nov 21)
- Re: Passwords & Passphrases Andrea Beesing (Nov 25)
- Re: Passwords & Passphrases Kees Leune (Nov 26)
- Re: Passwords & Passphrases Paul Keser (Nov 26)