Re: Password Cracking & Consequences

[Geoff Nathan <geoffnathan () WAYNE EDU>]

At 04:29 PM 8/26/2004, you wrote:

> What would be the circumstances under which IT would "crack" a faculty
> member's password. Unless there is a violation of the acceptable use
> policy or is it that the individual forgets the password?

I would suggest that if a password can be cracked it's no longer doing its
job and needs to be changed (and its owner should be told that).  Now
whether schools deliberately try to crack passwords is a different
question, although some do (and I know of a few individual departments with
a higher than average number of techies in residence that don't permit
crackable passwords).
On a slightly parallel note, does anyone know of a self-service password
tester--something that would let people test their passwords and let them
know whether it is acceptable (with all appropriate safeguards in place, of
course--it could even be anonymous).

Geoff
Geoffrey S. Nathan <geoffnathan () wayne edu>
Security Coordinator, Computing and Information Technology,
       and Associate Professor of English
Linguistics Program                     Phone Numbers
Department of English                   Computing and Information Technology:  (313) 577-1259
Wayne State University                  Linguistics (English):  (313) 577-8621
Detroit, MI, 48202                      C&IT Fax: (313) 577-1338

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.