Educause Security Discussion mailing list archives
Re: Password Standards
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 3 Sep 2014 21:15:58 +0000
Many of the responses, the password policy pages particularly, were quite similar with only a few notable, but slight differences. I only saw a couple that mentioned how passwords were to be stored by developers and only with the vague notion of "encryption". More guidelines for internal developers or third parties might be nice. Specifically, detail tools and methods for using and storing a hash and salt, syadmins performing password crack audits and so on.
John - Speaking for myself, I was just trying to answer the original question. The larger question you now pose is likely also covered in the mountain of polices most of us have. As a sample, I give you: http://www.it.northwestern.edu/policies/softwareauth.html http://www.it.northwestern.edu/policies/bid.html http://www.it.northwestern.edu/policies/dataencryption.html A little dorking on our various websites may yield similar results.
Current thread:
- Re: Password Standards, (continued)
- Re: Password Standards Ken Connelly (Sep 02)
- Re: Password Standards Mally Mclane (Sep 03)
- Re: Password Standards Shamblin, Quinn (Sep 03)
- Re: Password Standards Mally Mclane (Sep 03)
- Re: Password Standards Ben Woelk (Sep 02)
- Re: Password Standards Roger A Safian (Sep 02)
- Re: Password Standards Stephen C. Gay (Sep 02)
- Re: Password Standards Greene, Allen (Sep 02)
- Re: Password Standards Carson, Larry (Sep 02)
- Re: Password Standards Tim Faircloth (Sep 03)
- Re: Password Standards John Kristoff (Sep 03)
- Re: Password Standards Roger A Safian (Sep 03)
- Re: Password Standards Shane, Annie (Sep 03)
- Re: Password Standards Ken Connelly (Sep 02)