Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Passwords & Passphrases

From: "Peters, Kevin" <Kevin.Peters () OLC STATE OH US>
Date: Tue, 20 Nov 2007 09:05:58 -0500
Just for fun, here is a site that provides some calculations on cracking
passwords:

 

www.lockdown.co.uk/?pg=combi

 

This site lists the top ten password crackers:

 

http://sectools.org/crackers

 

This site lists the top ten web vulnerability tools:

 

http://sectools.org/web-scanners.html

 

 

Kevin Peters

IT Manager

The Ohio State Lottery

________________________________

From: Gary Dobbins [mailto:dobbins () ND EDU] 
Sent: Tuesday, November 20, 2007 8:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Passwords & Passphrases

 

Ours has been in effect a couple years.  Only a dozen or so complaints
(out loud) and no exceptions needed so far.

 

http://oit.nd.edu/passwords/

 

Max age 180 days; >=8 chars; 3 of 4 char classes; history of 8; minimum
age 1 hour

Expired passwords work only on the page where you can select a new one.

 

 

From: Brian T Nichols [mailto:bnichols () LSU EDU] 
Sent: Monday, November 19, 2007 12:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Passwords & Passphrases

 

Colleagues,

 

We are researching best practices regarding passwords and passphrases
(length, complexity, expiration, etc..).

 

Does anyone have a standard and/or policy they can share?

 

Thanks in advance!

 

-Brian

 

Brian Nichols, CISSP, CISM, CISA, CIA

Chief  IT Security & Policy Officer

Louisiana State University
Previous By Date Next
Previous By Thread Next

Current thread: