[unisog] Password policies

Daniel Bidwell bidwell at andrews.edu
Wed Apr 19 22:06:10 GMT 2006


On Wed, 2006-04-19 at 10:11 -0400, Seth Shestack wrote:
> We are looking at strengthening our password policy as part of a web
> single sign on project.
> When we presented a proposed password policy, we were asked , What do
> other Universities do?
>  
> Some questions:
> 1. Do you have a password requirements policy?
	yes
> 2. Do you mandate password changes?
	no, not since we required everyone to change to the current rules
> 3. If so what is the frequency of these changes?
> 4. What are your password complexity rules?
	6 character min
	must have some character (upper or lower)
	must have at least 1 digit that is not the first or last character
	must have at least 1 special symbol that is not the first or last
character  (we supply a list of characters that work across all of our
platforms)
> 5. What are your password history rules?
	no password history rules

no plain text telnet, imap, pop, ... on our network.

>  
> Thanks
>  
>  
> Seth
> 
> ______________________________________________________________________
> 
> Spam
> Not spam
> Forget previous vote
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list