Educause Security Discussion
mailing list archives
Password length and complexity
From: Eric Weakland <eric () AMERICAN EDU>
Date: Fri, 31 May 2013 13:08:10 -0400
Do any of you have any links handy to scholarly/technical articles that
have recommendations or strategies on choosing appropriate password length
and complexity requirements? We're working on extending out password
expiration period significantly - let's say 1 year, and will be using
things like 2-factor for extremely sensitive accounts, and I want to make
sure we are using a sound rationale/reasons for the length we choose -
backed up by some research.
Anyone know of useful studies/research results that could help guide our
Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology
eric at american.edu
AU IT will never ask for your password via e-mail.
Don't share your password with anyone!