Educause Security Discussion mailing list archives
Re: Password Complexity and Aging
From: Geoff Nathan <geoffnathan () WAYNE EDU>
Date: Sat, 11 Apr 2009 12:08:52 -0400
I'll second Roger and Valdis' comments about the religious nature of this debate. I tried to educate our auditors and failed, and indeed they had expiry of ancient account passwords in mind as a driving force. So far there haven't been many loud squawks, but we're only into our second 180 days. What has been troublesome is the fact that we're going to have to limit the use of non-alphanumeric characters because of issues with Oracle, so we're actually dumbing down our requirements. We've also had a fight about whether the actual complexity restrictions should be on a public page or not (some folks seem to believe it's a security risk). As long as we're going with 'industry standard' (minimum eight, at least one cap, at least one non-letter, not the same as the last one, 180 days) we're not giving out 'the keys to the kingdom', I think we're not usefully hiding anything, but it looks like I'm losing that fight too. Geoffrey S. Nathan Faculty Liaison, C&IT, Policy Coordinator and Associate Professor, Linguistics Program +1 (313) 577-1259 (C&IT) +1 (313) 577-8621 (English/Linguistics)
Current thread:
- Password Complexity and Aging Matthew Giannetto (Apr 09)
- <Possible follow-ups>
- Re: Password Complexity and Aging Tupker, Mike (Apr 09)
- Re: Password Complexity and Aging Eric Case (Apr 09)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 10)
- Re: Password Complexity and Aging Stanclift, Michael (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging King, Ronald A. (Apr 10)
- Re: Password Complexity and Aging Roger Safian (Apr 10)
- Re: Password Complexity and Aging Valdis Kletnieks (Apr 10)
- Re: Password Complexity and Aging Geoff Nathan (Apr 11)
- Re: Password Complexity and Aging Stephen John Smoogen (Apr 11)
- Re: Password Complexity and Aging Tom Siu (Apr 12)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Doug Markiewicz (Apr 13)
- Re: Password Complexity and Aging Barros, Jacob (Apr 13)
- Re: Password Complexity and Aging Gary Dobbins (Apr 13)
- Re: Password Complexity and Aging Ryan Fox (Apr 13)
- Re: Password Complexity and Aging Allison Dolan (Apr 13)
- Re: Password Complexity and Aging Morrow Long (Apr 13)
- Re: Password Complexity and Aging Schumacher, Adam J (Apr 13)
(Thread continues...)