Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Who is using Passphrase over 16 characters

From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Thu, 3 Sep 2020 16:12:18 -0500
On 03 Sep 20, at 16:05, Cathy Hubbs <hubbs () AMERICAN EDU> wrote:


We have been supporting 2 password policies for several years and would like to move to 1 (the 16+ character 
passphrase).  Wondering how many of you have adopted a longer/stronger passphrase policy?
For ease of response – anyone using passphrase policy requiring at least 12 characters?

[snip]

Policy requires a complex password for our high and medium classifications:

        https://policy.umn.edu/it/securedata-appaaam


The policy refers to

        
https://it.umn.edu/resources-it-staff-partners/information-security-standards/authentication-access-account-management


for a discussion of what a complex password is, which includes a requirement that it be >=16 characters long.

I note they didn't use my own authentication factor definitions:

        1) Something you lose.
        2) Something you forget.
        3) Something you cease to be.


-- 
Alan Amesbury
Security Analyst | University Information Security (UIS)
University of Minnesota | umn.edu | 612-625-8810
Information Security is a shared responsibility. Learn more at: https://it.umn.edu/what-security-incident

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
Previous By Date Next
Previous By Thread Next

Current thread: