Educause Security Discussion mailing list archives

15 character minimum passwords

From: Scott Bradner <sob () HARVARD EDU>
Date: Fri, 9 Jul 2004 09:05:07 -0400

what problem are you trying to solve with 15 character passwords

if you have a limit on incorrect password guesses then going from
8 to 15 characters makes no difference to fighting a guessing attack

the only threats I can see where going to 15 characters would make
a possible difference is watching over someone's shoulder to catch a
password and leaving the password file some place it can be grabbed
for a brute force attack

am I missing something?

the main effect I would predict is pissed off users - and that does not
seem like a security advantage

Scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

15 character minimum passwords Todd Gunter (Jul 08)
- <Possible follow-ups>
- Re: 15 character minimum passwords Eric Pancer (Jul 08)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 08)
- Re: 15 character minimum passwords David Wall @ Yozons, Inc. (Jul 08)
- Re: 15 character minimum passwords Bill Frazier (Jul 09)
- 15 character minimum passwords Scott Bradner (Jul 09)
- Re: 15 character minimum passwords Greg Jackson (Jul 09)
- Re: 15 character minimum passwords Rich Graves (Jul 09)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)
- Re: 15 character minimum passwords Gary Dobbins (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Buz Dale (Jul 09)
- Re: 15 character minimum passwords Matthew Keller (Jul 09)
- Re: 15 character minimum passwords Melissa Guenther (Jul 09)
- Re: 15 character minimum passwords Leslie Maltz (Jul 09)
- Re: 15 character minimum passwords Jim Loter (Jul 09)

(Thread continues...)