Educause Security Discussion mailing list archives

Re: Active Directory Password Strength


From: Tim Howard <Timothy_G_Howard () RAYTHEON COM>
Date: Mon, 14 Nov 2005 13:23:27 -0500

Recommend you follow NIST guidelines:

8 characters minimum
combination of Upper and lower case alphas, numbers and special signs
update your dictionary to reject obvious combinations of proper names,
names of local entities like sports teams, etc

See 800-53, and 800-63, among others...

http://csrc.nist.gov





Raytheon
Tim Howard
Information Security Manager
Raytheon Information Solutions
301.943.4732 cell;      timothy_g_howard () raytheon com



"Cary, Kim" <Kim.Cary () PEPPERDINE EDU>
11/14/2005 01:13 PM
Please respond to: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
cc:
Subject: [SECURITY] Active Directory Password Strength

Does anyone have any product recommendations or rollout procedures
(technical) they could recommend for implementing Active Directory
password strength requirements?

Many (90%) of our users don't sign on to the domain, yet it controls their
authentication as the backend for several systems. This prevents us from
just turning on requirements and letting them be prompted by their next
domain sign-in session for a new password.
Thanks for any suggestions!

--
Kim Cary, Ed.D.
Infrastructure Security Administrator
Pepperdine University
310 506 6655 - M-F 7-4
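
Added example, not part of the original messages: a Python sketch of the three checks listed in the reply above (minimum length, character classes, dictionary rejection), showing why the dictionary step has to undo look-alike substitutions before matching. It assumes "combination" means all four character classes are required; the function names and the dictionary entries are constructed for illustration.

```python
import string

MIN_LENGTH = 8
# Constructed sample entries; a real list would hold site-specific names
# (institution, town, sports teams) plus a general word list.
LOCAL_DICTIONARY = {"pepperdine", "waves", "malibu", "password"}
# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def normalize(password):
    """Lowercase, undo look-alike substitutions, keep letters only."""
    folded = password.lower().translate(LEET)
    return "".join(ch for ch in folded if ch in string.ascii_lowercase)


def policy_violations(password, dictionary=LOCAL_DICTIONARY):
    """Return the rules a candidate password breaks (empty list = accept)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # Assumption: all four classes are required.
    classes = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    # Substring match on the normalized form catches a dictionary word
    # wrapped in digits or punctuation.
    letters = normalize(password)
    hits = sorted(word for word in dictionary if word in letters)
    problems += [f"contains dictionary word '{word}'" for word in hits]
    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ["abc", "W4ves2005!", "P@ssw0rd1!", "tR7#kq9$Vx"]:
        print(candidate, "->", policy_violations(candidate) or "accepted")
```

The second and third candidates satisfy the length and character-class rules and are rejected only by the dictionary step.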

