[unisog] Password policies

Daniel Bidwell bidwell at andrews.edu
Wed Apr 19 22:06:10 GMT 2006

On Wed, 2006-04-19 at 10:11 -0400, Seth Shestack wrote:
> We are looking at strengthening our password policy as part of a web
> single sign on project.
> When we presented a proposed password policy, we were asked , What do
> other Universities do?
> Some questions:
> 1. Do you have a password requirements policy?
> 2. Do you mandate password changes?
	no, not since we required everyone to change to the current rules
> 3. If so what is the frequency of these changes?
> 4. What are your password complexity rules?
	6 character min
	must have some character (upper or lower)
	must have at least 1 digit that is not the first or last character
	must have at least 1 special symbol that is not the first or last
character  (we supply a list of characters that work across all of our
> 5. What are your password history rules?
	no password history rules

no plain text telnet, imap, pop, ... on our network.

> Thanks
> Seth
> ______________________________________________________________________
> Spam
> Not spam
> Forget previous vote
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list