Educause Security Discussion mailing list archives

Follow up to password vs pass-phrase discussion

From: Kamnab Keo/FS/VCU <kkeo () VCU EDU>
Date: Tue, 27 Apr 2010 15:22:20 -0400

Does anyone advocate the use of pass-phrases vs passwords and allowing
users the ability to use pass-phrases if they want to?  For example, do
you allow your users to use pass-phrases that consist of 15 characters or
more with no complexity requirements but passwords with 7 to 14 characters
must have some type of complexity (uppercase, number, special character)?
Also does anyone have separate password policies for users that access
sensitive systems?  If so, what types of password policies are used?

Thanks,




Kamnab Keo
IT Risk Management Analyst
Virginia Commonwealth University

VCU Information Security - http://infosecurity.vcu.edu/
Information Security News, Tips & More - http://www.twitter.com/vcuinfosec
Information Security Best Practices -
http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf

Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, Social
Security number or confidential personal information.  For more details
visit http://infosecurity.vcu.edu/phishing.

Current thread:

Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 27)
- <Possible follow-ups>
- Re: Follow up to password vs pass-phrase discussion Sheri J Thompson (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Roger Safian (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Bill Badertscher (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Davis, Thomas R (Apr 28)
- Re: Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 28)