Educause Security Discussion mailing list archives
Follow up to password vs pass-phrase discussion
From: Kamnab Keo/FS/VCU <kkeo () VCU EDU>
Date: Tue, 27 Apr 2010 15:22:20 -0400
Does anyone advocate the use of pass-phrases vs passwords and allowing users the ability to use pass-phrases if they want to? For example, do you allow your users to use pass-phrases that consist of 15 characters or more with no complexity requirements but passwords with 7 to 14 characters must have some type of complexity (uppercase, number, special character)? Also does anyone have separate password policies for users that access sensitive systems? If so, what types of password policies are used? Thanks, Kamnab Keo IT Risk Management Analyst Virginia Commonwealth University VCU Information Security - http://infosecurity.vcu.edu/ Information Security News, Tips & More - http://www.twitter.com/vcuinfosec Information Security Best Practices - http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.
Current thread:
- Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 27)
- <Possible follow-ups>
- Re: Follow up to password vs pass-phrase discussion Sheri J Thompson (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Roger Safian (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Bill Badertscher (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Davis, Thomas R (Apr 28)
- Re: Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 28)