Educause Security Discussion mailing list archives

Re: Password policy publication


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Mon, 27 Oct 2008 10:55:24 -0500

At 05:00 AM 10/25/2008, Geoff Nathan put fingers to keyboard and wrote:
> Just a quick question--as always, reply to me and I'll summarize for the list.
> Does publishing the standards for strong passwords (e.g. eight characters, at
> least one upper case, at least one numeral) constitute a security hazard by
> giving information to potential hackers?

I'll take a chance.  Sure it does.  That being said, it's, IMHO, less of
a risk than allowing users to choose a password with no complexity.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
