Educause Security Discussion mailing list archives

Re: 15 character minimum passwords

From: Leslie Maltz <lmaltz () COLUMBIA EDU>
Date: Fri, 9 Jul 2004 11:34:09 -0400

This discussion seems to be focusing on the length and not strength of
passwords.  It seems that strong passwords are preferable to long.
Long ones are much more likely to be written down and that seems like
the wrong direction to go.

Has anyone looked into using devices such as secureids as a way to
achieve greater security?
-Leslie
Matthew Keller wrote:

We recently increased our minimum requirement for passwords to 6-8
characters with at least one alphabet and one numeric character. The
password must also pass a variety of dictionary tests (eg. cracklib).

It's generally held that requiring a more complex password is better
than requiring a longer, yet probably less complex password.
Additionally, as others have pointed out, weaknesses in various
Microsoft hashing schemes can make the protection allegedly afforded by
longer passwords, snake oil.

On Thu, 2004-07-08 at 16:02, Todd Gunter wrote:

Has anyone adopted the use of 15 character minimum passwords?

We are going to start using this password format when we migrate to Windows 2003.  I was wondering if anyone has 
started to use this format and what, if any, issues you had using them?

We see this as a simpler approach to passwords.  Fifteen character password with complexity is simply 
'Ihaveabigmouth.'.  They are also supposed to much harder to crack.

Please let me know your experiences with this move and any bumps in the road to look out for.


--
Matthew Keller
Enterprise Systems Analyst
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY USA
http://mattwork.potsdam.edu/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.


--
Leslie Maltz
Deputy VP for IT Planning and Standards
Columbia University
212-851-1820
lmaltz () columbia edu


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: 15 character minimum passwords, (continued)
- Re: 15 character minimum passwords Bill Frazier (Jul 09)
- 15 character minimum passwords Scott Bradner (Jul 09)
- Re: 15 character minimum passwords Greg Jackson (Jul 09)
- Re: 15 character minimum passwords Rich Graves (Jul 09)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)
- Re: 15 character minimum passwords Gary Dobbins (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Buz Dale (Jul 09)
- Re: 15 character minimum passwords Matthew Keller (Jul 09)
- Re: 15 character minimum passwords Melissa Guenther (Jul 09)
- Re: 15 character minimum passwords Leslie Maltz (Jul 09)
- Re: 15 character minimum passwords Jim Loter (Jul 09)
- Re: 15 character minimum passwords Bill Frazier (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)
- Re: 15 character minimum passwords Wayne Wilson (Jul 09)
- Re: 15 character minimum passwords Scott Bradner (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)