Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: Passwords & Passphrases

From: Andrea Beesing <amb3 () CORNELL EDU>
Date: Tue, 20 Nov 2007 16:35:05 -0500
Brian,

I am sending you a link to an interim policy which includes information
about our current password standard. When we implemented the password
complexity rules we chose not to include password aging/expiration.
It's very possible that this decision could be revisited in the future
as we refine our approach to data classification and security.

http://www.cit.cornell.edu/policy/interim/AuthenticationITR.html

--Andrea Beesing, Cornell University




Begin forwarded message:


*From: *Brian T Nichols <bnichols () LSU EDU <mailto:bnichols () LSU EDU>>
*Date: *November 19, 2007 12:48:56 PM EST
*To: *SECURITY () LISTSERV EDUCAUSE EDU
<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: **[SECURITY] Passwords & Passphrases*
*Reply-To: *The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>

Colleagues,



We are researching best practices regarding passwords and passphrases
(length, complexity, expiration, etc..).



Does anyone have a standard and/or policy they can share?



Thanks in advance!



-Brian



Brian Nichols, CISSP, CISM, CISA, CIA

Chief  IT Security & Policy Officer

Louisiana State University








--


Andrea Beesing
Asst Dir, IT Security
Cornell Information Technologies
120 Maple Ave.
Ithaca, NY   14853
607 254-7441
Previous By Date Next
Previous By Thread Next

Current thread: