Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification

From: Eric Case <eric () ERICCASE COM>
Date: Thu, 19 Aug 2010 12:56:58 -0700
Would "17 = Seven + Ten" pass your passphrase test?

Would "17 is 1,0001" pass your password test?
-Eric€


Eric Case, CISSP
eric (at) ericcase (dot) com
http://www.linkedin.com/in/ericcase
(520) 344-CISO (2476)




-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles
Buchholtz
Sent: Thursday, August 19, 2010 12:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] (***POSSIBLE SPAM***) Re: [SECURITY] Password
Expatriation notification

On Thu, Aug 19, 2010 at 02:03:29PM -0400, Valdis Kletnieks wrote:

On Thu, 19 Aug 2010 13:48:35 EDT, Charles Buchholtz said:


We allow passwords (minimum 9 chars) and pass-phrases (minimum 16
chars).


How do you tell if a 14 character string is a password or a passphrase?


Passwords cannot contain words from our dictionary, or common variants
of words in our dictionary.  ">bZony5PT8" is a good password, and
"Seven white horses!" is a good pass-phrase, but "Seventeen" and
"5even+33n" are not accepted.

--- Chip

Charles H. Buchholtz                  Director of Systems Programming
chip () seas upenn edu                  School of Engineering and Applied Science
http://www.seas.upenn.edu/~chip                 University of Pennsylvania

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: