Educause Security Discussion mailing list archives
Re: Follow up to password vs pass-phrase discussion
From: Bill Badertscher <wdc8 () GEORGETOWN EDU>
Date: Tue, 27 Apr 2010 15:46:06 -0400
The attached Excel spreadsheet from Eric Cole (Sans.org) offers excellent information on the use of pass phrases vs. passwords. The Notes and Passphrase Politics worksheets include helpful implementation information. -- William D. Badertscher Senior Engineer Facility and Safety Control Systems Georgetown University, Information Services 3300 Whitehaven Street, N.W., Suite 2000 Washington, DC 20007 Email: wdc8 () georgetown edu Mobile: 202-731-2758 Roger Safian wrote:
At 02:22 PM 4/27/2010, Kamnab Keo/FS/VCU put fingers to keyboard and wrote:Does anyone advocate the use of pass-phrases vs passwords and allowing users the ability to use pass-phrases if they want to? For example, do you allow your users to use pass-phrases that consist of 15 characters or more with no complexity requirements but passwords with 7 to 14 characters must have some type of complexity (uppercase, number, special character)?What's the difference? It seems to me that what you are saying is if your password/phrase is longer than X (14 in this case) you are willing to not subject them to the same rules for password/phrases that are not. The password or passphrase just seems like semantics and muddies the water. What am I missing?
Attachment:
Passphrase_Length_and_Complexity_Considerations.xlsx
Description:
Attachment:
wdc8.vcf
Description:
Current thread:
- Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 27)
- <Possible follow-ups>
- Re: Follow up to password vs pass-phrase discussion Sheri J Thompson (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Roger Safian (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Bill Badertscher (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Davis, Thomas R (Apr 28)
- Re: Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 28)