Re: Passphrases v Password

[scott hollatz <shollatz () D UMN EDU>]

-- shollatz () d UMn eDu from cell
On Jul 5, 2013 7:49 PM, "Cathy Hubbs" <hubbs () american edu> wrote:

> Thanks to those that answered both on and off the list. I see we are out
> in front but not alone. Yes there are others!
>
> Every institution has a variety of considerations when making a decision.
> Happy to discuss off line.  The driving force was one year expiration and
> customer friendly.  We believe it is easier to teach customers to write
> natural language sentences than to pick a number, a symbol, an upper case,
> and a lower case character.
>
> My colleague loves to trot this XKCD comic strip
> http://imgs.xkcd.com/comics/password_strength.png
>
> [image: password_strength.png]
>
> Thanks again.
>
> Cathy
>
> On Jul 5, 2013, at 12:22 PM, "Cathy Hubbs" <hubbs () AMERICAN EDU> wrote:
>
> Greetings,
> American University is moving to require passphrases, 16 character
> minimum, with upper and lower case requirement for standard users (staff,
> students, and faculty).
>
> I would love to hear from anyone that has gone down this path and
> experiences from their customers.
>
> Thanks
>
> Cathy
>
> Cathy Hubbs, CISSP, CISA, CGEIT
> Chief Information Security Officer
> Office of Information Technology
> American University