Educause Security Discussion mailing list archives

Re: Password Standards


From: John Kristoff <jtk () CYMRU COM>
Date: Wed, 3 Sep 2014 07:39:42 -0500

On Tue, 2 Sep 2014 16:35:00 -0400
"Russo, Dan" <drusso () SBU EDU> wrote:

If anyone has the time, and is willing to share what they use for
password standards?

Many of the responses, the password policy pages particularly, were
quite similar with only a few notable, but slight differences.  I only
saw a couple that mentioned how passwords were to be stored by
developers and only with the vague notion of "encryption".  More
guidelines for internal developers or third parties might be nice.
Specifically, detail tools and methods for using and storing a hash and
salt, sysadmins performing password crack audits and so on.

While not specifically part of the password policy, there might also be
some additional safeguards mentioned when an account has unusual access
patterns or attempts are made, perhaps requiring an additional
authentication step or an alert being generated.

John
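One concrete form such a developer guideline could take, added here as an illustration and not part of John's post or of any policy shared on the list: a per-user random salt with PBKDF2-HMAC-SHA256, a constant-time verify, and a check that lets a sysadmin audit for records hashed below the current policy cost. The iteration count, salt size and record format are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed policy parameters for this example (not taken from the post):
# PBKDF2-HMAC-SHA256, a fresh 16-byte random salt per password, 600,000 iterations.
# The salt stops one cracked hash from revealing every user with the same password;
# the iteration count is what makes an offline crack audit expensive.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_b64$hash_b64."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # never reuse or derive the salt from user data
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and cost, compare in constant time."""
    algo, iters, salt_b64, hash_b64 = record.split("$")
    if algo != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True if a stored record falls below current policy; rehash on next login."""
    algo, iters, _, _ = record.split("$")
    return algo != ALGORITHM or int(iters) < min_iterations
```

Running `needs_rehash` over the whole credential store is the audit step a policy can ask of sysadmins; records that fail it are upgraded the next time the user authenticates successfully.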

