Educause Security Discussion mailing list archives

Re: Passwords & Passphrases


From: "J. Alex Campoe" <campoe () USF EDU>
Date: Mon, 19 Nov 2007 13:24:46 -0500

Brian

Here's the current policy for our Active Directory, which includes all faculty/staff accounts:

Minimum password length (characters)                 8
Password must meet complexity requirement            Enabled
Store password using reversible encryption           Disabled
Enforce password history (no. of unique passwords)   5
Maximum password age (days)                          180

When complexity requirement is enabled, passwords must
• Not contain all or part of the user's account name
• Contain characters from three of the following four categories:
  o English uppercase characters (A through Z)
  o English lowercase characters (a through z)
  o Base 10 digits (0 through 9)
  o Non-alphanumeric characters (e.g., !, $, #, %)

Alex

Brian T Nichols wrote:
Colleagues,

We are researching best practices regarding passwords and passphrases (length, complexity, expiration, etc.).

Does anyone have a standard and/or policy they can share?

Thanks in advance!

-Brian

Brian Nichols, CISSP, CISM, CISA, CIA

Chief IT Security & Policy Officer

Louisiana State University


--
--  Alex Campoe, CISSP            Information Security Manager       --
--                                Associate Director, Systems        --
--  Email: campoe () usf edu         Phone: (813) 974-1796              --
--  Academic Computing            University of South Florida        --
-----------------------------------------------------------------------
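
The length, complexity, account-name and maximum-age rules quoted in the message above, written as a checker. This is an added example, not part of the original post and not Active Directory's own implementation. The function names are hypothetical, and "part of the account name" is assumed here to mean any run of three consecutive characters. Password history is left out because it needs stored password hashes.

```python
import string
from datetime import date

# Values taken from the policy quoted in the message above.
MIN_LENGTH = 8
MAX_AGE_DAYS = 180
REQUIRED_CATEGORIES = 3
# Assumption: "part of" the account name = any run of this many characters.
NAME_FRAGMENT_LEN = 3

CATEGORIES = {
    "upper": string.ascii_uppercase,   # English uppercase (A through Z)
    "lower": string.ascii_lowercase,   # English lowercase (a through z)
    "digit": string.digits,            # Base 10 digits (0 through 9)
}

def character_categories(password):
    """Return which of the four listed categories appear in the password."""
    found = {name for name, chars in CATEGORIES.items()
             if any(c in chars for c in password)}
    if any(not c.isalnum() for c in password):
        found.add("symbol")            # non-alphanumeric, e.g. ! $ # %
    return found

def contains_name_fragment(password, account_name):
    """Case-insensitive search for any fragment of the account name."""
    pw, name = password.lower(), account_name.lower()
    return any(name[i:i + NAME_FRAGMENT_LEN] in pw
               for i in range(len(name) - NAME_FRAGMENT_LEN + 1))

def policy_violations(password, account_name, last_changed=None, today=None):
    """List every rule of the quoted policy that the candidate breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_categories(password)) < REQUIRED_CATEGORIES:
        problems.append("fewer than three character categories")
    if contains_name_fragment(password, account_name):
        problems.append("contains part of account name")
    today = today or date.today()
    if last_changed is not None and (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("older than maximum age")
    return problems

if __name__ == "__main__":
    # Constructed samples for a hypothetical account "jsmith".
    # "Password1" breaks none of the rules checked here.
    for candidate in ("password", "Smi#2007", "aB3$", "Password1"):
        print(candidate, policy_violations(candidate, "jsmith") or "ok")
```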