Home page logo
/

educause logo Educause Security Discussion mailing list archives

Password length and complexity
From: Eric Weakland <eric () AMERICAN EDU>
Date: Fri, 31 May 2013 13:08:10 -0400

Greetings,

Do any of you have any links handy to scholarly/technical articles that 
have recommendations or strategies on choosing appropriate password length 
and complexity requirements?  We're working on extending out password 
expiration period significantly - let's say 1 year, and will be using 
things like 2-factor for extremely sensitive accounts, and I want to make 
sure we are using a sound rationale/reasons for the length we choose - 
backed up by some research.

Anyone know of useful studies/research results that could help guide our 
recommendations?

Best,


Eric Weakland, CISSP, CISM, CRISC
Director, Information Security
Office of Information Technology 
American University
eric at american.edu
202.885.2241

______________________________________
AU IT will never ask for your password via e-mail. 
Don't share your password with anyone!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault