Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: "Sweeny, Jonny" <jsweeny () IU EDU>
Date: Mon, 19 Nov 2007 14:40:29 -0500
Passphrases MUST contain at least: * 15 to 127 characters (at least 4 of which are unique) * 4 or more words (a "word" is defined as 2 or more distinct letters separated by 1 or more spaces or non-letters) Passphrases MUST NOT: * contain the "at" sign (@) * contain the "number" sign (#) * be a common phrase (such as "to be or not to be" or "April showers bring may flowers") * be based on predictable patterns such as the alphabet or the layout of a standard keyboard * contain your name or username No expiration presently. We're working on that. -- ~Jonny Sweeny, GSEC, GCWN, GCIH, SSP-CNSA Incident Response Manager, Lead Security Analyst Office of the VP for Information Technology, Indiana University PGP key & S/MIME cert: https://itso.iu.edu/Jonny_Sweeny jsweeny () iu edu p(812)855-4194 f(812)856-1011 -----Original Message----- From: Brian T Nichols [mailto:bnichols () LSU EDU] Sent: Monday, November 19, 2007 12:49 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Passwords & Passphrases Colleagues, We are researching best practices regarding passwords and passphrases (length, complexity, expiration, etc..). Does anyone have a standard and/or policy they can share? Thanks in advance! -Brian Brian Nichols, CISSP, CISM, CISA, CIA Chief IT Security & Policy Officer Louisiana State University
Current thread:
- Re: Passwords & Passphrases, (continued)
- Re: Passwords & Passphrases J. Alex Campoe (Nov 19)
- Re: Passwords & Passphrases Roger Safian (Nov 19)
- Re: Passwords & Passphrases HALL, NATHANIEL D. (Nov 19)
- Re: Passwords & Passphrases Randy Marchany (Nov 19)
- Re: Passwords & Passphrases Randy Marchany (Nov 19)
- Re: Passwords & Passphrases Steve Worona (Nov 19)
- Re: Passwords & Passphrases Julian J Thompson (jthmpsn2) (Nov 19)
- Re: Passwords & Passphrases Bob Bayn (Nov 19)
- Re: Passwords & Passphrases Julian J Thompson (jthmpsn2) (Nov 19)
- Re: Passwords & Passphrases Shane Bishop (Nov 19)
- Re: Passwords & Passphrases Sweeny, Jonny (Nov 19)
- Re: Passwords & Passphrases Shane Bishop (Nov 19)
- Re: Passwords & Passphrases Martin Manjak (Nov 19)
- Re: Passwords & Passphrases Gary Flynn (Nov 19)
- Re: Passwords & Passphrases Peters, Kevin (Nov 19)
- Re: Passwords & Passphrases Randy Marchany (Nov 19)
- Re: Passwords & Passphrases Gene Spafford (Nov 19)
- Re: Passwords & Passphrases Roger Safian (Nov 19)
- Re: Passwords & Passphrases Roger Safian (Nov 19)
- Re: Passwords & Passphrases Harold Winshel (Nov 19)
- Re: Passwords & Passphrases Steven Alexander (Nov 19)
(Thread continues...)