Educause Security Discussion mailing list archives
Re: Password Standards
From: "Carson, Larry" <larry.carson () UBC CA>
Date: Tue, 2 Sep 2014 21:48:38 +0000
Our standard on "Password and Passphrase Protection" is here: http://cio.ubc.ca/sites/cio.ubc.ca/files/documents/standards/Std%2002%20Pass word%20and%20Passphrase%20Protection.pdf Regards, Larry Carson Associate Director, Information Security Management, UBC From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, Allen Sent: Tuesday, September 02, 2014 2:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Standards Dan, You can view our Passwords page here: https://www.rochester.edu//it/security/yourself/passwords.html <https://www.rochester.edu/it/security/yourself/passwords.html> . We have an online Test Your Password tool that lists our minimum requirements and provides the opportunity to enter a password and get real time feedback on the password's score and complexity (the password is obscured of course). Additionally it also provides a breakdown of factors that added to or deducted from the score listed. Minimum Requirements: . Minimum 8 characters in length . Maximum 15 characters in length . Minimum 4 unique characters . Minimum 2 alphabetic characters . Contains 3/4 character sets: - Uppercase Letters - Lowercase Letters - Numbers - Symbols: *&^#()$%+=!~ . Not allowed: @ Best regards, Allen Greene | Security Analyst Senior University of Rochester | University IT Security and Policy Office: (585) 275-7335 | <mailto:Allen.Greene () Rochester edu> Allen.Greene () Rochester edu longerLogo-300dpi_sm "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards -- and even then I have my doubts." (Eugene H. Spafford) CONFIDENTIALITY: This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail (or the person responsible for delivering this document to the intended recipient), you are hereby notified that any dissemination, distribution, printing or coping of this e-mail, and any attachment thereto, is strictly prohibited. If you have received this e-mail in error, please respond to the individual sending the message, and permanently delete the original and any copy of any e-mail and printout thereof. Thank you. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, Dan Sent: Tuesday, September 02, 2014 4:35 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password Standards Hello - If anyone has the time, and is willing to share what they use for password standards? Specifically Password Length Password History Password Expiration (if any) Password Age Thanks !
Attachment:
smime.p7s
Description:
Current thread:
- Password Standards Russo, Dan (Sep 02)
- Re: Password Standards Ken Connelly (Sep 02)
- Re: Password Standards Mally Mclane (Sep 03)
- Re: Password Standards Shamblin, Quinn (Sep 03)
- Re: Password Standards Mally Mclane (Sep 03)
- Re: Password Standards Ben Woelk (Sep 02)
- Re: Password Standards Roger A Safian (Sep 02)
- Re: Password Standards Stephen C. Gay (Sep 02)
- Re: Password Standards Greene, Allen (Sep 02)
- Re: Password Standards Carson, Larry (Sep 02)
- Re: Password Standards Tim Faircloth (Sep 03)
- Re: Password Standards John Kristoff (Sep 03)
- Re: Password Standards Roger A Safian (Sep 03)
- <Possible follow-ups>
- Re: Password Standards Shane, Annie (Sep 03)
- Re: Password Standards Ken Connelly (Sep 02)