Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 15 character minimum passwords

From: Buz Dale <buz.dale () USG EDU>
Date: Fri, 9 Jul 2004 11:13:11 -0400
An 8 character minimum with a few qualifications (add a number or non
alpha character, etc.) seem sfairly reasonable.  With a 15 character
password, look out helpdesk.  There will probably be a lot more requests
for password resets and unlocking accounts.
IMHO,
Buz


Scott Bradner wrote:

what problem are you trying to solve with 15 character passwords

if you have a limit on incorrect password guesses then going from
8 to 15 characters makes no difference to fighting a guessing attack

the only threats I can see where going to 15 characters would make
a possible difference is watching over someone's shoulder to catch a
password and leaving the password file some place it can be grabbed
for a brute force attack

am I missing something?

the main effect I would predict is pissed off users - and that does not
seem like a security advantage

Scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.



--
----
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697
Office of Information and Instructional Technology
University System of Georgia

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: