Educause Security Discussion mailing list archives

Re: {SPAM?} Password Complexity and Aging


From: "Sachnoff, Neil" <NSachnoff () MIDDLESEXCC EDU>
Date: Mon, 13 Apr 2009 07:27:32 -0400

We are just instituting a very similar network login requirement. For us
it is three of the four "At least 1" requirements and the change will
be every 180 days.

 

/Neil  

Neil S. Sachnoff, Executive Director, Information Technology
Middlesex County College 
V-732.906.2601/Fax 732.548.6814 
Think before you print

 

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Giannetto
Sent: Thursday, April 09, 2009 12:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: {SPAM?} [SECURITY] Password Complexity and Aging
Importance: Low

 

We are looking to implement a new password policy, and are currently
trying to get our committee of end-users to buy into the change.  The
two sticking points are password complexity and password aging.  They
seem to understand the importance, but want to make sure that we're not
asking too much from our end-users.  They're looking for more assurance
that what we're asking is necessary, and that we're not going overboard
compared to most other colleges.

 

Our policy states that:

- Minimum 8 Characters
- At least 1 Uppercase
- At least 1 Lowercase
- At least 1 Number
- At least 1 Special
- Change every 120 days

 

Would anyone be willing to share their password complexity and aging
requirements?  

 

Are we asking too much/not enough?  Does anyone have any quality tips or
resources that would help substantiate why passwords must be this
strong?  Are there any compliance drivers worth mentioning?

 

Has there been a recent study that surveys password complexity/aging in
education?

 

Does anyone have other advice on how to get faculty, staff, and students
to buy-in to this change?

 

I'm sure many of you have had the pleasure of implementing strong
password policies.  Any advice you have would be greatly appreciated.

 

 

 

Thanks,

Matthew Y. Giannetto

Manager of IT Security

Montgomery County Community College

mgiannet () mc3 edu

215.619.7442

 

 

Home of the 2006, 2004 and 2002 CASE and Carnegie Foundation for the
Advancement of Teaching's Pennsylvania Professors of the Year. 

 


 

Montgomery County Community College 

340 DeKalb Pike, Blue Bell, PA, USA, 19422 

101 College Drive, Pottstown, PA, USA, 19464 

www.mc3.edu 

