Educause Security Discussion mailing list archives

Re: Stats re: passwords

From: "Don M. Blumenthal" <don () DONBLUMENTHAL COM>
Date: Fri, 16 Oct 2009 12:42:57 -0400

One person that I know in the security community doesn't believe in password
rules like these because they are a pain to type and could be forgotten, if
nothing else wrt whether a letter is capitalized or not. Where the system
allows long pws, he advocates long, easy to remember sentences, such as
IhatestrongpasswordrulesmorethanIhateBrusselssprouts."

Don

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany
Sent: Friday, October 16, 2009 12:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Stats re: passwords

After reading Alison's note to the list about password rules, I'm sure
that for most of us, the following password would be valid under
standard password rules of a) 8-16 characters b) upper/lower case c)
at least 1 numeric d) at least 1 special character.

AaBbCcDd1234)(*&

<sigh>

Randy Marchany
VA Tech IT Security Office

Current thread:

Stats re: passwords Allison Dolan (Oct 16)
- <Possible follow-ups>
- Re: Stats re: passwords randy marchany (Oct 16)
- Re: Stats re: passwords Don M. Blumenthal (Oct 16)
- Re: Stats re: passwords Chris Kidd (Oct 16)
- Re: Stats re: passwords Matthew Wollenweber (Oct 16)
- Re: Stats re: passwords Matthew Gracie (Oct 16)
- Re: Stats re: passwords Ken Connelly (Oct 16)
- Re: Stats re: passwords Patrick P Murphy (Oct 16)
- Re: Stats re: passwords HALL, NATHANIEL D. (Oct 16)
- Re: Stats re: passwords Matthew Wollenweber (Oct 16)
- Re: Stats re: passwords Willis Marti (Oct 16)
- Re: Stats re: passwords Valdis Kletnieks (Oct 16)
- Re: Stats re: passwords Wayne Samardzich (Oct 16)

(Thread continues...)