Educause Security Discussion mailing list archives
Re: Password Complexity and Aging
From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Thu, 9 Apr 2009 16:59:31 -0500
We follow this:

-Minimum 8 characters
-standard active directory complexity rules (special characters, upper, lower, numeric, no part of username)
-force change every 90 days
-can only change once per day
-password history (remembers last 24 passwords used)

Mike Tupker
Systems Administrator
Mount Mercy College
Office: (319) 363-1323 x1401
Mobile: (319) 538-1644

If you need assistance with a computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Giannetto
Sent: Thursday, April 09, 2009 11:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Complexity and Aging

We are looking to implement a new password policy, and are currently trying to get our committee of end-users to buy into the change. The two sticking points are password complexity and password aging. They seem to understand the importance, but want to make sure that we're not asking too much from our end-users. They're looking for more assurance that what we're asking is necessary, and that we're not going overboard compared to most other colleges.

Our policy states that:

-Minimum 8 Characters
-At least 1 Uppercase
-At least 1 Lowercase
-At least 1 Number
-At least 1 Special
-Change every 120 days

Would anyone be willing to share their password complexity and aging requirements? Are we asking too much/not enough? Does anyone have any quality tips or resources that would help substantiate why passwords must be this strong? Are there any compliance drivers worth mentioning? Has there been a recent study that surveys password complexity/aging in education? Does anyone have other advice on how to get faculty, staff, and students to buy-in to this change?

I'm sure many of you have had the pleasure of implementing strong password policies. Any advice you have would be greatly appreciated.

Thanks,

Matthew Y. Giannetto
Manager of IT Security
Montgomery County Community College
mgiannet () mc3 edu
215.619.7442

Home of the 2006, 2004 and 2002 CASE and Carnegie Foundation for the Advancement of Teaching's Pennsylvania Professors of the Year.

This e-mail message and any files transmitted with it are intended for the use of the individual(s) or entity to which they are addressed and may contain information that is privileged, proprietary or confidential. If you are not an intended recipient, you may not use, distribute or duplicate any information contained within this message. If you have received this communication in error, please immediately destroy all occurrences of this message and notify the sender. Thank you.

Montgomery County Community College
340 DeKalb Pike, Blue Bell, PA, USA, 19422
101 College Drive, Pottstown, PA, USA, 19464
www.mc3.edu