Educause Security Discussion mailing list archives

Re: Passwords & Passphrases


From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Mon, 19 Nov 2007 12:32:50 -0600

Our current policy is:


    Minimum of 8 characters
    At least one uppercase, lowercase, and number
    Cannot reuse the last 10 passwords (There are ways around this though)
    We currently force password changes each semester, but are moving to every 90 days
    May not contain the user's account name


I have been working on a (personal) project that will be implemented
with the above.  When a user goes to change their password they will not
be able to use one that has been cracked or pre-generated.  Essentially
there will not be as many easily guessed passwords, so no "Password1" or
"ThisSucks1".

 

--

Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
OTC Computer Networking

(417) 447-7535

 

________________________________

From: Brian T Nichols [mailto:bnichols () LSU EDU] 
Sent: Monday, November 19, 2007 11:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Passwords & Passphrases

 

Colleagues,

 

We are researching best practices regarding passwords and passphrases
(length, complexity, expiration, etc.).

 

Does anyone have a standard and/or policy they can share?

 

Thanks in advance!

 

-Brian

 

Brian Nichols, CISSP, CISM, CISA, CIA

Chief IT Security & Policy Officer

Louisiana State University
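
An added example, not code from either poster or from the project mentioned in the reply: a password-change check that applies the policy rules listed above and then a cracked-password denylist, showing that "Password1" and "ThisSucks1" pass every complexity rule and are only stopped by the denylist. The function names, the PBKDF2 history records, the case-insensitive match and the sample denylist are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8
HISTORY_DEPTH = 10
# Constructed sample; a real deployment would load a cracked-password wordlist.
CRACKED = {"password1", "thissucks1", "welcome2007"}


def hash_password(password, salt=None):
    """Salted PBKDF2 record for the history store (storage scheme is an assumption)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(candidate, account, history, cracked=CRACKED):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = (str.isupper, str.islower, str.isdigit)
    if not all(any(test(ch) for ch in candidate) for test in classes):
        problems.append("needs uppercase, lowercase and a number")
    if account and account.lower() in candidate.lower():
        problems.append("contains account name")
    # Compare against the last 10 stored records, re-hashing with each salt.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("reused from last 10 passwords")
            break
    # Case-insensitive denylist match (an assumption): this is the check that
    # catches passwords which satisfy every complexity rule above.
    if candidate.lower() in cracked:
        problems.append("known cracked password")
    return problems


if __name__ == "__main__":
    history = [hash_password("Autumn-Lake-42")]  # constructed history entry
    for pw in ("Password1", "ThisSucks1", "Autumn-Lake-42", "Tr4il-mix-Ozark"):
        print(pw, "->", check_password(pw, "jdoe", history) or "accepted")
```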

 

