Password keepers (was Re: Password policy)

[Gary Dobbins <dobbins () ND EDU>]

The thread on PW strength reminds me of a companion question:

Is anyone providing recommended cross-platform password-safe tools?
Things like PasswordSafe, KeePass, etc. come to mind.

These free products are looking very robust, and even have PDA versions,
 not to mention the commercial options.

Since we advise our users to choose different passwords for each of
their accounts, enterprise or not, they naturally need something safe to
keep them all in (i.e. when the post-it becomes full ;-).


Buz Dale wrote:
> Hi Brian,
>  I've seen some schools move from a 90 to a 180 and ask for more
> complexity. Just changing the language from password to passphrase seems
> to have a good effect.
> Luck,
> Buz
>
> Kellogg, Brian D. wrote:
> > A couple questions:
> >
> >
> >
> >    1. Do most enforce password expirations?  I came from a large
> >       corporation and they enforced a 90 day password expiration
> >       policy.  It seemed to have the effect of making passwords less
> >       secure as most would write them down in obvious places.
> >    2. Do most enforce a strong password policy?
> >    3. Any other recommendations/insights along this line would be helpful.
> >
> >
> >
> >
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Brian

--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies