Educause Security Discussion mailing list archives

Re: Password Standards

From: "Greene, Allen" <Allen.Greene () ROCHESTER EDU>
Date: Tue, 2 Sep 2014 21:41:31 +0000

Dan,

You can view our Passwords page here: 
https://www.rochester.edu//it/security/yourself/passwords.html<https://www.rochester.edu/it/security/yourself/passwords.html>.
  We have an online Test Your Password tool that lists our minimum requirements and provides the opportunity to enter a 
password and get real time feedback on the password's score and complexity (the password is obscured of course).  
Additionally it also provides a breakdown of factors that added to or deducted from the score listed.

Minimum Requirements:

*         Minimum 8 characters in length

*         Maximum 15 characters in length

*         Minimum 4 unique characters

*         Minimum 2 alphabetic characters

*         Contains 3/4 character sets:
- Uppercase Letters
- Lowercase Letters
- Numbers
- Symbols: *&^#()$%+=!~

*        Not allowed: @

Best regards,

Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office:  (585) 275-7335 | Allen.Greene () Rochester edu<mailto:Allen.Greene () Rochester edu>

[longerLogo-300dpi_sm]

"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room 
with armed guards -- and even then I have my doubts."  (Eugene H. Spafford)

CONFIDENTIALITY: This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein 
and may contain legally privileged and/or confidential information. If you are not the intended recipient of this 
e-mail (or the person responsible for delivering this document to the intended recipient), you are hereby notified that 
any dissemination, distribution, printing or coping of this e-mail, and any attachment thereto, is strictly prohibited. 
If you have received this e-mail in error, please respond to the individual sending the message, and permanently delete 
the original and any copy of any e-mail and printout thereof.  Thank you.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, 
Dan
Sent: Tuesday, September 02, 2014 4:35 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Standards

Hello -

If anyone has the time, and is willing to share what they use for password standards?

Specifically

Password Length
Password History
Password Expiration (if any)
Password Age


Thanks !

Current thread:

Password Standards Russo, Dan (Sep 02)
- Re: Password Standards Ken Connelly (Sep 02)
  - Re: Password Standards Mally Mclane (Sep 03)
    - Re: Password Standards Shamblin, Quinn (Sep 03)
- Re: Password Standards Ben Woelk (Sep 02)
- Re: Password Standards Roger A Safian (Sep 02)
- Re: Password Standards Stephen C. Gay (Sep 02)
- Re: Password Standards Greene, Allen (Sep 02)
  - Re: Password Standards Carson, Larry (Sep 02)
- Re: Password Standards Tim Faircloth (Sep 03)
- Re: Password Standards John Kristoff (Sep 03)
  - Re: Password Standards Roger A Safian (Sep 03)
- <Possible follow-ups>
- Re: Password Standards Shane, Annie (Sep 03)