Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Password policy publication
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 27 Oct 2008 12:12:10 -0400

 IMHO, less of
a risk than allowing users to choose a password with no complexity.

Or annoying a user by rejecting weak passwords with piecemeal
explanations of what they need to do to correct them.

Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology

On Oct 27, 2008, at 11:55 AM, Roger Safian wrote:

At 05:00 AM 10/25/2008, Geoff Nathan put fingers to keyboard and
Just a quick question--as always, reply to me and I'll summarize
for the list.
Does publishing the standards for strong passwords (e.g. eight
characters, at
least one upper case, at least one numeral) constitute a security
hazard by
giving information to potential hackers?

I'll take a chance.  Sure it does.  That being said, it's,

Roger A. Safian
r-safian () northwestern edu (email) public key available on many key
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]