Educause Security Discussion mailing list archives
Re: Passphrases v Password
From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Fri, 5 Jul 2013 13:06:49 -0600
We *have* a 15 character requirement - for both students and employees - for the past 4-5 years, and they are just now considering rolling the students back to 8 characters. The impact related to Service Desk calls for password resets has been off the charts, so we're hoping that backing this off will help a little bit. But -we also need a better "self-service utility" to help with password resets. We're currently using the "built-in" utility that's in Banner's Luminus 4 product - it works, but not well - and we'd like to use a password reset utility that offers the user "options", (ie, secret questions, secondary e-mail with link, texting, etc.) Anyone using a utility that they are just crazy about?? Please share.... Thanks, Michael From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy Sent: Friday, July 05, 2013 12:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Passphrases v Password How do you enforce "passphrases"? :-) Our current password rules are at http://www.awareness.security.vt.edu/passwords/strong_passwords.html. It will be interesting to see the user reaction to the 16 character minimum requirement. -r. On Fri, Jul 5, 2013 at 12:22 PM, Cathy Hubbs <hubbs () american edu<mailto:hubbs () american edu>> wrote: Greetings, American University is moving to require passphrases, 16 character minimum, with upper and lower case requirement for standard users (staff, students, and faculty). I would love to hear from anyone that has gone down this path and experiences from their customers. Thanks Cathy Cathy Hubbs, CISSP, CISA, CGEIT Chief Information Security Officer Office of Information Technology American University -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean.
Current thread:
- Passphrases v Password Cathy Hubbs (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Joel L. Rosenblatt (Jul 05)
- Re: Passphrases v Password Cathy Hubbs (Jul 05)
- Re: Passphrases v Password randy (Jul 05)
- Re: Passphrases v Password SCHALIP, MICHAEL (Jul 05)
- Re: Passphrases v Password Michael Sinatra (Jul 05)
- Re: Passphrases v Password Rich Graves (Jul 05)
- Re: Passphrases v Password Steven Alexander (Jul 05)
- Re: Passphrases v Password Rich Graves (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Rich Graves (Jul 05)
- Re: Passphrases v Password Mike Osterman (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Steven Alexander (Jul 05)
- Re: Passphrases v Password Will Froning (Jul 05)
- Re: Passphrases v Password Cathy Hubbs (Jul 05)
- Re: Passphrases v Password scott hollatz (Jul 05)