Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Password policy publication
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 27 Oct 2008 12:12:10 -0400

 IMHO, less of
a risk than allowing users to choose a password with no complexity.

Or annoying a user by rejecting weak passwords with piecemeal
explanations of what they need to do to correct them.

Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
http://mit.edu/infoprotect



On Oct 27, 2008, at 11:55 AM, Roger Safian wrote:

At 05:00 AM 10/25/2008, Geoff Nathan put fingers to keyboard and
wrote:
Just a quick question--as always, reply to me and I'll summarize
for the list.
Does publishing the standards for strong passwords (e.g. eight
characters, at
least one upper case, at least one numeral) constitute a security
hazard by
giving information to potential hackers?

I'll take a chance.  Sure it does.  That being said, it's,

--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key
servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great
childhood!"


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]