Re: Follow up to password vs pass-phrase discussion

[Sheri J Thompson <sthomp8 () LSU EDU>]

We do to some extent. See
http://grok.lsu.edu/Article.aspx?articleid=6986 

 

Sheri J. Thompson

IT Communications & Planning Officer

LSU Information Technology Services

200 Frey Computing Center

Baton Rouge, Louisiana 70803

tel. 225.578.5739

fax 225.578.7710

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kamnab Keo/FS/VCU
Sent: Tuesday, April 27, 2010 2:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Follow up to password vs pass-phrase discussion

 

Does anyone advocate the use of pass-phrases vs passwords and allowing
users the ability to use pass-phrases if they want to?  For example, do
you allow your users to use pass-phrases that consist of 15 characters
or more with no complexity requirements but passwords with 7 to 14
characters must have some type of complexity (uppercase, number, special
character)?  Also does anyone have separate password policies for users
that access sensitive systems?  If so, what types of password policies
are used? 

Thanks, 




Kamnab Keo
IT Risk Management Analyst   
Virginia Commonwealth University 

VCU Information Security - http://infosecurity.vcu.edu/
<http://infosecurity.vcu.edu/> 
Information Security News, Tips & More -
http://www.twitter.com/vcuinfosec <http://www.twitter.com/vcuinfosec>  
Information Security Best Practices -
http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf
<http://infosecurity.vcu.edu/docs/information-security-best-practices.pd
f> 

Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, Social
Security number or confidential personal information.  For more details
visit http://infosecurity.vcu.edu/phishing
<http://infosecurity.vcu.edu/phishing> .