Educause Security Discussion
mailing list archives
Re: Password policy publication
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 27 Oct 2008 12:12:10 -0400
IMHO, less of
a risk than allowing users to choose a password with no complexity.
Or annoying a user by rejecting weak passwords with piecemeal
explanations of what they need to do to correct them.
Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
On Oct 27, 2008, at 11:55 AM, Roger Safian wrote:
At 05:00 AM 10/25/2008, Geoff Nathan put fingers to keyboard and
Just a quick question--as always, reply to me and I'll summarize
for the list.
Does publishing the standards for strong passwords (e.g. eight
least one upper case, at least one numeral) constitute a security
giving information to potential hackers?
I'll take a chance. Sure it does. That being said, it's,
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key
(847) 491-4058 (voice)
(847) 467-6500 (Fax) "You're never too old to have a great