Security Basics mailing list archives
Re: Password Management
From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Sun, 23 Apr 2006 13:11:25 -0700
I believe 'nightwatchman' hit all your foundational pwd policies. But here are a few more to think about. Just fill in the ??? with whatever suits your security policies. Keep in mind, the policy for normal user accts should be different from generic/service accts. Contain at least ??? numeric Contain at least ??? non-numeric Min length ??? Non-numeric in first/last position (if technically feasible) Max consecutive identical char from any position in previous pwd ??? Max identical consecutive char ??? Contain User ID as part of pwd ??? Max change interval ??? days Pwd expiration notification time ??? days Number of pwd changes for which pwd cannot be reused ??? Sharing pwd ??? Non-expiring pwds ??? Pwd transmission ??? Pwd storage ??? Pwd expiration ??? Pwd filtering (if technically feasible) Forced to change initial pwd at first logon and pwd must expire ??? hrs from date of issue Have fun! On 21 Apr 2006 18:13:45 -0000, nightwatchman () comcast net <nightwatchman () comcast net> wrote:
Passwords should: 1.) change every 90 days 2.) contain atleast a combination of 3 classes of characters i.e. one or more uppercase, lowercase, non alpha numeric, and numeric. 3.) not be the same as the person's name, address or birthday or easily guessed from a person's personal information. 4.) not be written down. 5.) difficult to guess but easy to remember - phrases with substituted character classes seem to be easy to remember and work best for this. 6.) should not be stored unencrypted 7.) centrally managed in an authentication system. 8.) they shouldnt be shared with other users. Service accounts ofcourse aren't subject to the 90 day limit. ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
-- Alexander.Bolante () gmail com abolante.blogspot.com ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- RE: Password Management, (continued)
- RE: Password Management Chandra, Sharath V Ctr SAF/FMPT (Apr 21)
- RE: Password Management Andrew Williams (Apr 21)
- RE: Password Management Crawley, Jim (Apr 21)
- Re: Password Management Jason T. Hallahan (Apr 21)
- Re: Password Management Kelly Martin (Apr 21)
- Re: Password Management Turk (Apr 24)
- Re: Password Management Micheal Espinola Jr (Apr 24)
- Re: Password Management Jason T. Hallahan (Apr 21)
- RE: Password Management Lorteau Clement (Apr 21)
- Re: Password Management nightwatchman (Apr 21)
- Re: Password Management Bill Cullen (Apr 24)
- Re: Password Management Alexander Bolante (Apr 24)
- Re: Password Management l00t3r (Apr 24)
- RE: Password Management Christopher Carpenter (Apr 24)
- Re: Password Management Stephen John Smoogen (Apr 24)
- RE: Password Management Donald N Kenepp (Apr 25)
- RE: Password Management cv arun (Apr 25)
- Re: Password Management Ansgar -59cobalt- Wiechers (Apr 26)
- RE: Password Management Utz, Ralph (Apr 24)
- Re: Password Management James Harless (Apr 24)
- Re: Password Management James Harless (Apr 24)
- Re: Password Management Derek Schaible (Apr 25)