Re: Passphrases v Password

["SCHALIP, MICHAEL" <mschalip () CNM EDU>]

We *have* a 15 character requirement - for both students and employees - for the past 4-5 years, and they are just now 
considering rolling the students back to 8 characters.  The impact related to Service Desk calls for password resets 
has been off the charts, so we're hoping that backing this off will help a little bit.

But -we also need a better "self-service utility" to help with password resets.  We're currently using the "built-in" 
utility that's in Banner's Luminus 4 product - it works, but not well - and we'd like to use a password reset utility 
that offers the user "options", (ie, secret questions, secondary e-mail with link, texting, etc.)  Anyone using a 
utility that they are just crazy about??  Please share....

Thanks,

Michael



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy
Sent: Friday, July 05, 2013 12:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Passphrases v Password

How do you enforce "passphrases"? :-)

Our current password rules are at http://www.awareness.security.vt.edu/passwords/strong_passwords.html.
It will be interesting to see the user reaction to the 16 character minimum requirement.

-r.
On Fri, Jul 5, 2013 at 12:22 PM, Cathy Hubbs <hubbs () american edu<mailto:hubbs () american edu>> wrote:
Greetings,
American University is moving to require passphrases, 16 character minimum, with upper and lower case requirement for 
standard users (staff, students, and faculty).

I would love to hear from anyone that has gone down this path and experiences from their customers.

Thanks

Cathy

Cathy Hubbs, CISSP, CISA, CGEIT
Chief Information Security Officer
Office of Information Technology
American University



--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.