Educause Security Discussion mailing list archives
Password keepers (was Re: Password policy)
From: Gary Dobbins <dobbins () ND EDU>
Date: Wed, 1 Nov 2006 14:17:49 -0500
The thread on PW strength reminds me of a companion question: Is anyone providing recommended cross-platform password-safe tools? Things like PasswordSafe, KeePass, etc. come to mind. These free products are looking very robust, and even have PDA versions, not to mention the commercial options. Since we advise our users to choose different passwords for each of their accounts, enterprise or not, they naturally need something safe to keep them all in (i.e. when the post-it becomes full ;-). Buz Dale wrote:
Hi Brian, I've seen some schools move from a 90 to a 180 and ask for more complexity. Just changing the language from password to passphrase seems to have a good effect. Luck, Buz Kellogg, Brian D. wrote:A couple questions: 1. Do most enforce password expirations? I came from a large corporation and they enforced a 90 day password expiration policy. It seemed to have the effect of making passwords less secure as most would write them down in obvious places. 2. Do most enforce a strong password policy? 3. Any other recommendations/insights along this line would be helpful. Thanks, Brian
-- ------------------------------------------------------------ Gary Dobbins, CISSP -- Director, Information Security University of Notre Dame, Office of Information Technologies
Current thread:
- Password keepers (was Re: Password policy) Gary Dobbins (Nov 01)
- <Possible follow-ups>
- Password keepers (was Re: Password policy) John Ladwig (Nov 01)
- Re: Password keepers (was Re: Password policy) Russell Fulton (Nov 01)
- Re: Password keepers (was Re: Password policy) Jeff Giacobbe (Nov 02)