Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification

[Charles Buchholtz <chip+educause () SEAS UPENN EDU>]

On Thu, Aug 19, 2010 at 11:12:17AM -0400, Valdis Kletnieks wrote:
> What? Your users can't remember something like 'Bambi+Bippity-boppity-boo'?
> or "$*%&# security office made me do it" (bonus points for special char use)
> or "horizontal snow in the fog" (one boy in my Scout troop said he used that for
> a while, after a memorable climb up a local mountain)?

We allow passwords (minimum 9 chars) and pass-phrases (minimum 16
chars).  I've found that some people strongly prefer one and some
people strongly prefer the other.

I suspect that slow, clumsy typists prefer short passwords because
there are fewer chances to mistype a character and it's faster.  Fast,
accurate typists prefer pass-phrases because they are easier to
remember and easier to type.

I've watched people who have trouble typing try to enter passwords and
pass-phrases.  When every character takes 5 seconds to type, a 9
character password is much easier than a 16 character pass-phrase.

Charles H. Buchholtz                    Director of Systems Programming
chip () seas upenn edu            School of Engineering and Applied Science
http://www.seas.upenn.edu/~chip           University of Pennsylvania