Educause Security Discussion mailing list archives

Re: Password Standards

From: Ben Woelk <fbwis () RIT EDU>
Date: Tue, 2 Sep 2014 20:43:01 +0000

Dan,
Our password standard info is at https://www.rit.edu/security/content/password

*         Be at least 8 characters long (a longer passphrase is preferred)

*         Use both upper and lower case letters and at least one number, and one special character

*         We suggest putting numbers and special characters in the middle of the password, not at the beginning or end

*         Change it annually (at a minimum)

*         DO NOT use your username

*         DO NOT reuse for at least six changes of password

We are educating our community on the use of passphrases, encouraging length over complexity.

Ben Woelk '07
Private Information Management Initiative Project Manager
ISO Program Manager
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://www.rit.edu/security/

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec

CONFIDENTIALITY NOTE:  The information transmitted, including attachments, is intended only for the person(s) or entity 
to which it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, please contact the sender and destroy any 
copies of this information.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, 
Dan
Sent: Tuesday, September 02, 2014 4:35 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Standards

Hello -

If anyone has the time, and is willing to share what they use for password standards?

Specifically

Password Length
Password History
Password Expiration (if any)
Password Age


Thanks !

Current thread:

Password Standards Russo, Dan (Sep 02)
- Re: Password Standards Ken Connelly (Sep 02)
  - Re: Password Standards Mally Mclane (Sep 03)
    - Re: Password Standards Shamblin, Quinn (Sep 03)
- Re: Password Standards Ben Woelk (Sep 02)
- Re: Password Standards Roger A Safian (Sep 02)
- Re: Password Standards Stephen C. Gay (Sep 02)
- Re: Password Standards Greene, Allen (Sep 02)
  - Re: Password Standards Carson, Larry (Sep 02)
- Re: Password Standards Tim Faircloth (Sep 03)
- Re: Password Standards John Kristoff (Sep 03)
  - Re: Password Standards Roger A Safian (Sep 03)
- <Possible follow-ups>
- Re: Password Standards Shane, Annie (Sep 03)