Educause Security Discussion mailing list archives

Re: Password entropy


From: James H Moore <jhmfa () RIT EDU>
Date: Sun, 23 Jul 2006 22:42:27 -0400

I have been following this thread, mainly because you all, in your
well-crafted answers, exposed to me my own ignorance.

We are in the beginning stages of looking at some sort of 2 factor
authentication.  We also are looking at what other people are doing with
encryption, and beginning to consider extending what we have.

I am reading this, because I want to know what to advise users too.  One
thing as far as predictability, I have sometimes used a "first letter"
formula for everything from quotes to books/movies/music.  E.g., "MoonPie:
Biography of an Out-of-This-World Snack" by David Magee (a recent book
with a great deal of relevance) would become 1DM<>MP:boaootws .

I am still not sure what is good to recommend to users.

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)



"We will have a chance when we are as efficient at communicating
information security best practices, as hackers and criminals are at
sharing attack information"  - Peter Presidio
