Educause Security Discussion mailing list archives

Re: Passwords & Passphrases

From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Wed, 21 Nov 2007 17:32:51 -0700

At 04:35 PM 11/20/2007 -0500, Andrea Beesing wrote:

I am sending you a link to an interim policy which includes
information about our current password standard. When we implemented
the password complexity rules we chose not to include password
aging/expiration.
It's very possible that this decision could be revisited in the
future as we refine our approach to data classification and security.

http://www.cit.cornell.edu/policy/interim/AuthenticationITR.html


     It says "The password must never be shared, written down, or
stored in electronic form."  Does that mean programs like Password
Safe can't be used to store an encrypted password?  What about the
authentication itself?  It stores the encrypted password in electronic form.
-Eric


Eric Case, CISSP  <ecase () Arizona edu>
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436

Current thread:

Re: Passwords & Passphrases, (continued)
- Re: Passwords & Passphrases Roger Safian (Nov 20)
- Re: Passwords & Passphrases Harold Winshel (Nov 20)
- Re: Passwords & Passphrases Steven Alexander (Nov 20)
- Re: Passwords & Passphrases John Ladwig (Nov 20)
- Re: Passwords & Passphrases Ozzie Paez (Nov 20)
- Re: Passwords & Passphrases David Harley (Nov 20)
- Re: Passwords & Passphrases Zach Jansen (Nov 20)
- Re: Passwords & Passphrases Gary Flynn (Nov 20)
- Re: Passwords & Passphrases Matthew Gracie (Nov 20)
- Re: Fwd: Passwords & Passphrases Andrea Beesing (Nov 20)
- Re: Passwords & Passphrases Eric Case (Nov 21)
- Re: Passwords & Passphrases Andrea Beesing (Nov 25)
- Re: Passwords & Passphrases Kees Leune (Nov 26)
- Re: Passwords & Passphrases Paul Keser (Nov 26)