Educause Security Discussion mailing list archives
Re: Password length and complexity
From: "Rickard, Josh A." <rickardj () HEALTH MISSOURI EDU>
Date: Fri, 31 May 2013 17:41:10 +0000
Not really a document, but I've attached an Excel sheet that explains Password Complexity vs. Length. The other Excel sheet is for Risk Analysis. Both of these came from the SANS Sec505 (GCWM) course. I hope this helps. Thanks, Josh Rickard System Support Analyst School of Medicine University of Missouri From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric Weakland Sent: Friday, May 31, 2013 12:08 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password length and complexity Greetings, Do any of you have any links handy to scholarly/technical articles that have recommendations or strategies on choosing appropriate password length and complexity requirements? We're working on extending out password expiration period significantly - let's say 1 year, and will be using things like 2-factor for extremely sensitive accounts, and I want to make sure we are using a sound rationale/reasons for the length we choose - backed up by some research. Anyone know of useful studies/research results that could help guide our recommendations? Best, Eric Weakland, CISSP, CISM, CRISC Director, Information Security Office of Information Technology American University eric at american.edu 202.885.2241 ______________________________________ AU IT will never ask for your password via e-mail. Don't share your password with anyone!
Attachment:
Passphrase_Length_vs_Complexity.xls
Description: Passphrase_Length_vs_Complexity.xls
Attachment:
Practical_Risk_Analysis_and_Threat_Modeling_v.1.0.xls
Description: Practical_Risk_Analysis_and_Threat_Modeling_v.1.0.xls
Current thread:
- Question About Password Resets Jim Pardonek (May 16)
- Re: Question About Password Resets Roger A Safian (May 16)
- Re: Question About Password Resets David Curry (May 16)
- Re: Question About Password Resets David Seidl (May 16)
- Re: Question About Password Resets Valdis Kletnieks (May 16)
- Re: Question About Password Resets Schumacher, Adam J. (May 17)
- Password length and complexity Eric Weakland (May 31)
- Re: Password length and complexity Rickard, Josh A. (May 31)
- Re: Password length and complexity Roger A Safian (May 31)
- Re: Password length and complexity Irish, Adrian L (May 31)
- Re: Password length and complexity Shalla, Kevin (May 31)
- Re: Password length and complexity Roger A Safian (May 31)
- Re: Password length and complexity Alan Stockdale (May 31)
- Re: Password length and complexity Pete Hickey (May 31)
- Password length and complexity Eric Weakland (May 31)
- Re: Question About Password Resets Roger A Safian (May 16)
- Re: Password length and complexity Alan Stockdale (May 31)
- Re: Password length and complexity Steven Alexander (May 31)
- Re: Password length and complexity Tim Doty (May 31)
- Job Opening Willis Marti (Jun 09)