Educause Security Discussion mailing list archives
Re: Follow up to password vs pass-phrase discussion
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Tue, 27 Apr 2010 14:30:28 -0500
At 02:22 PM 4/27/2010, Kamnab Keo/FS/VCU put fingers to keyboard and wrote:
Does anyone advocate the use of pass-phrases vs passwords and allowing users the ability to use pass-phrases if they want to? For example, do you allow your users to use pass-phrases that consist of 15 characters or more with no complexity requirements but passwords with 7 to 14 characters must have some type of complexity (uppercase, number, special character)?
What's the difference? It seems to me that what you are saying is if your password/phrase is longer than X (14 in this case) you are willing to not subject them to the same rules for password/phrases that are not. The password or passphrase just seems like semantics and muddies the water. What am I missing? -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 467-6437 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 27)
- <Possible follow-ups>
- Re: Follow up to password vs pass-phrase discussion Sheri J Thompson (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Roger Safian (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Bill Badertscher (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Davis, Thomas R (Apr 28)
- Re: Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 28)