Re: Passphrases v Password

[Ray McClure <Ray.G.McClure () HOFSTRA EDU>]

You might find this article interesting…
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

~R

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of scott 
hollatz
Sent: Friday, July 05, 2013 9:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Passphrases v Password


-- shollatz () d UMn eDu<mailto:shollatz () d UMn eDu> from cell
On Jul 5, 2013 7:49 PM, "Cathy Hubbs" <hubbs () american edu<mailto:hubbs () american edu>> wrote:
Thanks to those that answered both on and off the list. I see we are out in front but not alone. Yes there are others!

Every institution has a variety of considerations when making a decision. Happy to discuss off line.  The driving force 
was one year expiration and customer friendly.  We believe it is easier to teach customers to write natural language 
sentences than to pick a number, a symbol, an upper case, and a lower case character.

My colleague loves to trot this XKCD comic strip
http://imgs.xkcd.com/comics/password_strength.png

[password_strength.png]

Thanks again.

Cathy

On Jul 5, 2013, at 12:22 PM, "Cathy Hubbs" <hubbs () AMERICAN EDU<mailto:hubbs () AMERICAN EDU>> wrote:
Greetings,
American University is moving to require passphrases, 16 character minimum, with upper and lower case requirement for 
standard users (staff, students, and faculty).

I would love to hear from anyone that has gone down this path and experiences from their customers.

Thanks

Cathy

Cathy Hubbs, CISSP, CISA, CGEIT
Chief Information Security Officer
Office of Information Technology
American University