Home page logo

educause logo Educause Security Discussion mailing list archives

Password length and complexity
From: Eric Weakland <eric () AMERICAN EDU>
Date: Fri, 31 May 2013 13:08:10 -0400


Do any of you have any links handy to scholarly/technical articles that 
have recommendations or strategies on choosing appropriate password length 
and complexity requirements?  We're working on extending out password 
expiration period significantly - let's say 1 year, and will be using 
things like 2-factor for extremely sensitive accounts, and I want to make 
sure we are using a sound rationale/reasons for the length we choose - 
backed up by some research.

Anyone know of useful studies/research results that could help guide our 


Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology 
American University
eric at american.edu

AU IT will never ask for your password via e-mail. 
Don't share your password with anyone!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]