Educause Security Discussion mailing list archives

Re: Passwords & Passphrases


From: "Sweeny, Jonny" <jsweeny () IU EDU>
Date: Mon, 19 Nov 2007 14:40:29 -0500

Passphrases MUST contain at least:

    * 15 to 127 characters (at least 4 of which are unique)
    * 4 or more words (a "word" is defined as 2 or more distinct letters separated by 1 or more spaces or non-letters)

Passphrases MUST NOT:

    * contain the "at" sign (@)
    * contain the "number" sign (#)
    * be a common phrase (such as "to be or not to be" or "April showers bring may flowers")
    * be based on predictable patterns such as the alphabet or the layout of a standard keyboard
    * contain your name or username

No expiration presently.  We're working on that.

--
~Jonny Sweeny, GSEC, GCWN, GCIH, SSP-CNSA
Incident Response Manager, Lead Security Analyst
Office of the VP for Information Technology, Indiana University
PGP key & S/MIME cert: https://itso.iu.edu/Jonny_Sweeny
jsweeny () iu edu  p(812)855-4194  f(812)856-1011




-----Original Message-----
From: Brian T Nichols [mailto:bnichols () LSU EDU]
Sent: Monday, November 19, 2007 12:49
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Passwords & Passphrases

Colleagues,

We are researching best practices regarding passwords and passphrases (length, complexity, expiration, etc.).

Does anyone have a standard and/or policy they can share?

Thanks in advance!

-Brian

Brian Nichols, CISSP, CISM, CISA, CIA
Chief IT Security & Policy Officer
Louisiana State University
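
The passphrase rules listed in the reply above can be checked mechanically. The validator below is an added example, not part of the thread and not Indiana University's code. Its assumptions: the two-entry denylist is a constructed sample, "predictable pattern" is taken to mean five consecutive letters of the alphabet or of a US QWERTY row in either direction, and only ASCII letters count as letters.

```python
import re

# Constructed sample denylist; a real one would be far larger.
COMMON_PHRASES = {"to be or not to be", "april showers bring may flowers"}
# Assumed pattern sources: the alphabet and US QWERTY keyboard rows.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN = 5  # assumed: this many consecutive sequence letters count as a pattern


def has_pattern(letters):
    """True if `letters` contains a RUN-long slice of a sequence, either direction."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + RUN] in letters for i in range(len(s) - RUN + 1)):
                return True
    return False


def check_passphrase(phrase, name="", username=""):
    """Return the list of violated rules; an empty list means the phrase passes."""
    low = phrase.lower()
    runs = re.findall(r"[a-z]+", low)  # assumption: only ASCII letters count
    problems = []
    if not 15 <= len(phrase) <= 127:
        problems.append("length")
    if len(set(phrase)) < 4:
        problems.append("unique_chars")
    # A "word" is a letter run with 2+ distinct letters, split on non-letters.
    if sum(1 for w in runs if len(set(w)) >= 2) < 4:
        problems.append("word_count")
    if "@" in phrase:
        problems.append("at_sign")
    if "#" in phrase:
        problems.append("number_sign")
    if " ".join(runs) in COMMON_PHRASES:
        problems.append("common_phrase")
    if has_pattern("".join(runs)):
        problems.append("pattern")
    # Each part of the real name and the username is matched case-insensitively.
    idents = [p.lower() for p in name.split() + [username] if p]
    if any(p in low for p in idents):
        problems.append("name_or_username")
    return problems
```

Punctuation and case are stripped before the common-phrase comparison, so "To be, or not to be!!" is rejected the same way as the bare phrase.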
