I would suggest using phrases instead of passwords (i.e. "I was born on a
Thursday!"). If they (phrases) are 14 characters or longer they are almost
uncrackable and VERY time consuming (for a dictionary attack, somewhere
around 1.4 million years). I would call that pretty safe. :) This would also
eliminate constant password changes.
Hope this helps.
Technology Support Coordinator
College of Humanities and Social Sciences
Montclair State University
Dickson Hall 337
1 Normal Ave. Montclair, NJ 07043
(973)655-7835 - CHSS Tech Team
(973)655-7725 - Fax
From: The EDUCAUSE CIO Constituent Group Listserv
On Behalf Of Justin Sipher
Sent: Tuesday, August 17, 2004 11:53 AM
Subject: [CIO] password rules
Hello. There was a thread recently about password policies with regard to
frequency of requiring a password change. However I have a different
password question. With our general account that authenticates just about
everything except our administrative systems
(Banner) we have had minimal rule sets for password requirements in the past
(more than X, less than Y characters, only alpha-numeric characters, etc.).
However our server support team has (properly) moved us to a more
restrictive set of rules for passwords to increase complexity of password
guessing (human or automated). This is a good thing, however our user
support team is now saying these rules are too restrictive and they are
sometimes taking 4, 5 or more times when helping users reset their passwords
because our system rejects most of them as too trivial to guess.
Anyone gone through this and feel they have a healthy balance between ideal
security and manageable user customer service? If so, please share them
with me offline. I may be paranoid, but I didn't outline our new rules in
this e-mail as I fear doing so *could* open us up for someone to more easily
crack our systems when they know what basic rule principles we are
subscribing to. (not any of you, but those who could search the archive on
Justin D. Sipher
Assistant Vice President for Information Technology State University of New
York at Potsdam
44 Pierrepont Ave. Voice: (315) 267-3016
Potsdam, NY 13676 Fax: (315) 267-3169
http://www.potsdam.edu
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/cg/.