Educause Security Discussion mailing list archives
Re: Password Guidelines
From: Rob Milman <rob.milman () SAIT CA>
Date: Tue, 23 Aug 2016 15:52:25 -0600
Hi Frank, I found that our existing password policies are pretty robust, however I hadn’t considered using a password blacklist as suggested in the draft. Is anyone using a password blacklist to prevent users from using a compromised password? I know I’ve run into this on some websites, but not in an enterprise level authentication system. Rob Milman [cid:image001.gif@01D1FD56.5815E620] Rob Milman Security & Compliance Analyst Information Systems Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca<mailto:rob.milman () sait ca> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank Barton Sent: Tuesday, August 23, 2016 11:21 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password Guidelines Good afternoon folks, I am wondering if the recent NIST draft authentication guidelines have caused anybody to review their existing password policies, and, if so, caused any changes? (for those of you that haven't read it yet: https://pages.nist.gov/800-63-3/) Frank -- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Password Guidelines Frank Barton (Aug 23)
- Re: Password Guidelines Rob Milman (Aug 23)
- Re: Password Guidelines Steven Alexander (Aug 23)
- Re: Password Guidelines Rob Milman (Aug 23)