Educause Security Discussion mailing list archives
Re: Passphrases v Password
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Fri, 5 Jul 2013 14:53:42 -0700
On 07/05/13 11:57, randy wrote:
How do you enforce "passphrases"? :-) Our current password rules are at http://www.awareness.security.vt.edu/passwords/strong_passwords.html. It will be interesting to see the user reaction to the 16 character minimum requirement.
xkcd has in interesting discussion of password/passphrase strength: https://xkcd.com/936/ (Moral of the story: We've successfully trained users to create passwords that are hard for them to remember but easy for computers to guess.) The only catch with using long passphrases is that it's better that they NOT be grammatically correct: http://www.cs.cmu.edu/~agrao/paper/Effect_of_Grammar_on_Security_of_Long_Passwords.pdf michael
Current thread:
- Passphrases v Password Cathy Hubbs (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Joel L. Rosenblatt (Jul 05)
- Re: Passphrases v Password Cathy Hubbs (Jul 05)
- Re: Passphrases v Password randy (Jul 05)
- Re: Passphrases v Password SCHALIP, MICHAEL (Jul 05)
- Re: Passphrases v Password Michael Sinatra (Jul 05)
- Re: Passphrases v Password Rich Graves (Jul 05)
- Re: Passphrases v Password Steven Alexander (Jul 05)
- Re: Passphrases v Password Rich Graves (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Rich Graves (Jul 05)
- Re: Passphrases v Password Mike Osterman (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Steven Alexander (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Cathy Hubbs (Jul 05)
- Re: Passphrases v Password scott hollatz (Jul 05)
- Re: Passphrases v Password Ray McClure (Jul 06)
- Re: Passphrases v Password scott hollatz (Jul 05)