Educause Security Discussion mailing list archives
Re: Password policy publication
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 27 Oct 2008 12:12:10 -0400
IMHO, less of a risk than allowing users to choose a password with no complexity.
Or annoying a user by rejecting weak passwords with piecemeal explanations of what they need to do to correct them.
Allison F. Dolan Program Director, Personally Identifiable Information Massachusetts Institute of Technology http://mit.edu/infoprotect On Oct 27, 2008, at 11:55 AM, Roger Safian wrote:
At 05:00 AM 10/25/2008, Geoff Nathan put fingers to keyboard and wrote:Just a quick question--as always, reply to me and I'll summarize for the list. Does publishing the standards for strong passwords (e.g. eight characters, at least one upper case, at least one numeral) constitute a security hazard by giving information to potential hackers?I'll take a chance. Sure it does. That being said, it's, -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Password policy publication Geoff Nathan (Oct 25)
- <Possible follow-ups>
- Re: Password policy publication Roger Safian (Oct 27)
- Re: Password policy publication Allison Dolan (Oct 27)
- Re: Password policy publication Valdis Kletnieks (Oct 27)
- Re: Password policy publication Shalla, Kevin (Oct 28)
- Re: Password policy publication Adam Nave (Oct 28)
- Re: Password policy publication Roger Safian (Oct 28)
- Re: Password policy publication Shalla, Kevin (Oct 28)
- Re: Password policy publication Valdis Kletnieks (Oct 28)
- Re: Password policy publication Steven Alexander (Oct 28)
- Re: Password policy publication Roger Safian (Oct 28)
- Re: Password policy publication Matthew Gracie (Oct 29)