Educause Security Discussion mailing list archives
Re: Password length and complexity
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 31 May 2013 18:45:27 +0000
Is this useful? From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rickard, Josh A. Sent: Friday, May 31, 2013 12:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password length and complexity Not really a document, but I've attached an Excel sheet that explains Password Complexity vs. Length. The other Excel sheet is for Risk Analysis. Both of these came from the SANS Sec505 (GCWM) course. I hope this helps. Thanks, Josh Rickard System Support Analyst School of Medicine University of Missouri From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric Weakland Sent: Friday, May 31, 2013 12:08 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Password length and complexity Greetings, Do any of you have any links handy to scholarly/technical articles that have recommendations or strategies on choosing appropriate password length and complexity requirements? We're working on extending out password expiration period significantly - let's say 1 year, and will be using things like 2-factor for extremely sensitive accounts, and I want to make sure we are using a sound rationale/reasons for the length we choose - backed up by some research. Anyone know of useful studies/research results that could help guide our recommendations? Best, Eric Weakland, CISSP, CISM, CRISC Director, Information Security Office of Information Technology American University eric at american.edu 202.885.2241 ______________________________________ AU IT will never ask for your password via e-mail. Don't share your password with anyone!
Attachment:
Nist_Entropy_Spreadsheet.xls
Description: Nist_Entropy_Spreadsheet.xls
Current thread:
- Question About Password Resets Jim Pardonek (May 16)
- Re: Question About Password Resets Roger A Safian (May 16)
- Re: Question About Password Resets David Curry (May 16)
- Re: Question About Password Resets David Seidl (May 16)
- Re: Question About Password Resets Valdis Kletnieks (May 16)
- Re: Question About Password Resets Schumacher, Adam J. (May 17)
- Password length and complexity Eric Weakland (May 31)
- Re: Password length and complexity Rickard, Josh A. (May 31)
- Re: Password length and complexity Roger A Safian (May 31)
- Re: Password length and complexity Irish, Adrian L (May 31)
- Re: Password length and complexity Shalla, Kevin (May 31)
- Re: Password length and complexity Roger A Safian (May 31)
- Re: Password length and complexity Alan Stockdale (May 31)
- Re: Password length and complexity Pete Hickey (May 31)
- Password length and complexity Eric Weakland (May 31)
- Re: Question About Password Resets Roger A Safian (May 16)
- Re: Password length and complexity Alan Stockdale (May 31)
- Re: Password length and complexity Steven Alexander (May 31)
- Re: Password length and complexity Tim Doty (May 31)
- Job Opening Willis Marti (Jun 09)
- Re: Job Opening Casey Thomas (Jun 09)