Educause Security Discussion mailing list archives
Re: Password Complexity and Aging
From: Tom Siu <thomas.siu () CASE EDU>
Date: Sun, 12 Apr 2009 11:22:39 -0400
We did it this year... All passwords in the central directory, which authenticate all academic and business systems (e.g. Student Information System, HR, Blackboard, email, etc.) change on an 365-day basis. People who work with sensitive information (by department, including IT) have 180-day maximum password age. The password expiration does not apply to alumni accounts because they really cannot access anything other than public information. We implemented complexity requirements in 2005, which include: 8-characters or numbers consisting of at least three of these four characteristics: -no more than 4 numbers in a group -upper case -lower case - special characters We now track password ages- and I've got pretty graphs to show the age distros. Contact me off list if you'd like to see them. http://www.case.edu/its/password | | | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| Tom Siu Chief Information Security Officer Case Western Reserve University thomas.siu () case edu www.case.edu/its/security my pgp key can be found at pgpkeys.mit.edu 216-368-6959 | | | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| * Make sure you sign up for CaseWARN notifications at https://its-services.case.edu/my-case-notifications/
Attachment:
smime.p7s
Description:
Current thread:
- Re: Password Complexity and Aging, (continued)
- Re: Password Complexity and Aging Tupker, Mike (Apr 09)
- Re: Password Complexity and Aging Eric Case (Apr 09)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 10)
- Re: Password Complexity and Aging Stanclift, Michael (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging King, Ronald A. (Apr 10)
- Re: Password Complexity and Aging Roger Safian (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging Geoff Nathan (Apr 11)
- Re: Password Complexity and Aging Stephen John Smoogen (Apr 11)
- Re: Password Complexity and Aging Tom Siu (Apr 12)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 13)
- Re: Password Complexity and Aging Barros, Jacob (Apr 13)
- Re: Password Complexity and Aging Gary Dobbins (Apr 13)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Allison Dolan (Apr 13)
- Re: Password Complexity and Aging Morrow Long (Apr 13)
- Re: Password Complexity and Aging Schumacher, Adam J (Apr 13)
- Re: Password Complexity and Aging Dexter Caldwell (Apr 13)
- Re: Password Complexity and Aging Basgen, Brian (Apr 13)
(Thread continues...)