Educause Security Discussion mailing list archives

Re: Password Expatriation notification

From: Alex Keller <alkeller () SFSU EDU>
Date: Thu, 19 Aug 2010 12:04:30 -0700

re: I've watched people who have trouble typing try to enter passwords
and pass-phrases. When every character takes 5 seconds to type, a 9
character password is much easier than a 16 character pass-phrase.

however, it is often easier for people to type passphrases (even poor
typists) becuase the keystrokes are familiar. i am not a great typist
and i can type "Should we go back to the moon?" much faster than
"vf$1048Za".

we are moving to passpharses (where possible) for administrative
accounts. we make sure the passphrase is sufficiently long, not based on
a common slogan, includes both upper and lower case letters, at least
one special character, and a string of numbers: "#Our cabin in cozy in
the thunder!1055". it is a pain at first, but once you can commit it to
muscle memory it gets a lot faster. either that or just cut and paste
out of Keypass or alike.

best,
alex

-- 
Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu

Current thread:

Re: Password Expatriation notification, (continued)
- - - Re: Password Expatriation notification Ullman, Catherine (Aug 19)
    - Re: Password Expatriation notification Mark Monroe (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Walter Moore (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Valdis Kletnieks (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Charles Buchholtz (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Valdis Kletnieks (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Charles Buchholtz (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Eric Case (Aug 19)
    - Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Deke Kassabian (Aug 19)
    - Re: Password Expatriation notification Alex Keller (Aug 19)
    - Re: Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
    - Re: Password Expatriation notification Charles Buchholtz (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification charlie derr (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification James Farr '05 (Aug 19)
    - Re: Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification Eric Case (Aug 19)
    - Re: Password Expatriation notification Morrow Long (Aug 19)

(Thread continues...)