Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 15 character minimum passwords

From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Fri, 9 Jul 2004 11:25:52 -0400
We recently increased our minimum requirement for passwords to 6-8
characters with at least one alphabet and one numeric character. The
password must also pass a variety of dictionary tests (eg. cracklib).

It's generally held that requiring a more complex password is better
than requiring a longer, yet probably less complex password.
Additionally, as others have pointed out, weaknesses in various
Microsoft hashing schemes can make the protection allegedly afforded by
longer passwords, snake oil.

On Thu, 2004-07-08 at 16:02, Todd Gunter wrote:

Has anyone adopted the use of 15 character minimum passwords?

We are going to start using this password format when we migrate to Windows 2003.  I was wondering if anyone has 
started to use this format and what, if any, issues you had using them?

We see this as a simpler approach to passwords.  Fifteen character password with complexity is simply 
'Ihaveabigmouth.'.  They are also supposed to much harder to crack.

Please let me know your experiences with this move and any bumps in the road to look out for.


--
Matthew Keller
Enterprise Systems Analyst
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY USA
http://mattwork.potsdam.edu/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: