Educause Security Discussion mailing list archives
Password security
From: Steven Alexander <alexander.s () MCCD EDU>
Date: Mon, 25 Jun 2012 18:33:19 +0000
Hello Everyone, I recently wrote a few posts about password security that I think (hope) will be of interest to the list. One of my primary motivations for writing these posts is that a lot of the advice/best practices that we have seem to be folk wisdom. Is 8 characters really a good minimum password length? Why not 7, or 9, or 15? The posts are on my blog at http://bugcharmer.blogspot.com . I'm planning to write more on various application security issues, but everything I have so far is about passwords. I would love feedback, but please respond off-list unless you think it will be of general interest. In case you want to jump to a specific topic, here are some additional links: An introduction/history of password security (the post links to an article I published elsewhere) http://bugcharmer.blogspot.com/2012/06/introduction-to-password-protection.html What are we trying to prevent? What is the purpose of password salting/stretching, delay timers, lockouts, etc? http://bugcharmer.blogspot.com/2012/06/passwords-attacks-and-threats.html How long should passwords really be? http://bugcharmer.blogspot.com/2012/06/how-long-should-passwords-be.html Rainbow tables aren't as powerful as people think. http://bugcharmer.blogspot.com/2012/06/rainbow-tables-not-considered-harmful.html Regards, Steven Alexander Jr. Online Education Systems Manager Merced College 3600 M Street Merced, CA 95348-2898 (209) 384-6191 alexander.s () mccd edu<mailto:alexander.s () mccd edu> This email has been scanned by a Spam/Virus Firewall. If your email has been classified as Spam please contact the HelpDesk at (209) 384-6180.
Current thread:
- Password security Steven Alexander (Jun 25)