Educause Security Discussion mailing list archives

Re: Password Expatriation notification


From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Thu, 19 Aug 2010 13:48:25 -0600

Cool.....now - change that admin "passphrase" every term (our current policy) - or every 6 months - and your sys admins will be lobbying for 2-factor within a couple of terms....

Also be prepared to audit your sys admins and their system accounts......be prepared to find the "official" sys admin accounts, and more than likely a shadow account that they use for everyday use (with a 4-6 character password.......;-)



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Keller
Sent: Thursday, August 19, 2010 1:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Expatriation notification

re: I've watched people who have trouble typing try to enter passwords and pass-phrases. When every character takes 5 seconds to type, a 9 character password is much easier than a 16 character pass-phrase.

however, it is often easier for people to type passphrases (even poor typists) because the keystrokes are familiar. i am not a great typist and i can type "Should we go back to the moon?" much faster than "vf$1048Za".

we are moving to passphrases (where possible) for administrative accounts. we make sure the passphrase is sufficiently long, not based on a common slogan, includes both upper and lower case letters, at least one special character, and a string of numbers: "#Our cabin in cozy in the thunder!1055". it is a pain at first, but once you can commit it to muscle memory it gets a lot faster. either that or just cut and paste out of KeePass or the like.

best,
alex

--
Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu



 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

