[unisog] Password policies
bidwell at andrews.edu
Wed Apr 19 22:06:10 GMT 2006
On Wed, 2006-04-19 at 10:11 -0400, Seth Shestack wrote:
> We are looking at strengthening our password policy as part of a web
> single sign on project.
> When we presented a proposed password policy, we were asked , What do
> other Universities do?
> Some questions:
> 1. Do you have a password requirements policy?
> 2. Do you mandate password changes?
no, not since we required everyone to change to the current rules
> 3. If so what is the frequency of these changes?
> 4. What are your password complexity rules?
6 character min
must have some character (upper or lower)
must have at least 1 digit that is not the first or last character
must have at least 1 special symbol that is not the first or last
character (we supply a list of characters that work across all of our
> 5. What are your password history rules?
no password history rules
no plain text telnet, imap, pop, ... on our network.
> Not spam
> Forget previous vote
> unisog mailing list
> unisog at lists.sans.org
More information about the unisog