Re: Password Standards

["Carson, Larry" <larry.carson () UBC CA>]

Our standard on "Password and Passphrase Protection" is here:
http://cio.ubc.ca/sites/cio.ubc.ca/files/documents/standards/Std%2002%20Pass
word%20and%20Passphrase%20Protection.pdf 

 

 

Regards,
Larry Carson
Associate Director, Information Security Management, UBC

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, Allen
Sent: Tuesday, September 02, 2014 2:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Standards

 

Dan,

 

You can view our Passwords page here:
https://www.rochester.edu//it/security/yourself/passwords.html
<https://www.rochester.edu/it/security/yourself/passwords.html> .  We have
an online Test Your Password tool that lists our minimum requirements and
provides the opportunity to enter a password and get real time feedback on
the password's score and complexity (the password is obscured of course).
Additionally it also provides a breakdown of factors that added to or
deducted from the score listed.

 

Minimum Requirements:

.         Minimum 8 characters in length

.         Maximum 15 characters in length

.         Minimum 4 unique characters

.         Minimum 2 alphabetic characters

.         Contains 3/4 character sets:
- Uppercase Letters
- Lowercase Letters
- Numbers
- Symbols: *&^#()$%+=!~

.         Not allowed: @

 

Best regards,

 

Allen Greene | Security Analyst Senior

University of Rochester | University IT Security and Policy

Office:  (585) 275-7335 |  <mailto:Allen.Greene () Rochester edu>
Allen.Greene () Rochester edu 

 

longerLogo-300dpi_sm

 

"The only truly secure system is one that is powered off, cast in a block of
concrete and sealed in a lead-lined room with armed guards -- and even then
I have my doubts."  (Eugene H. Spafford)

 

CONFIDENTIALITY: This e-mail, and any attachments thereto, is intended only
for use by the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient of
this e-mail (or the person responsible for delivering this document to the
intended recipient), you are hereby notified that any dissemination,
distribution, printing or coping of this e-mail, and any attachment thereto,
is strictly prohibited. If you have received this e-mail in error, please
respond to the individual sending the message, and permanently delete the
original and any copy of any e-mail and printout thereof.  Thank you. 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, Dan
Sent: Tuesday, September 02, 2014 4:35 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Standards

 

Hello -

 

If anyone has the time, and is willing to share what they use for password
standards?

 

Specifically

 

Password Length

Password History

Password Expiration (if any)

Password Age

 

 

Thanks !

Attachment: smime.p7s
Description: