[ale] Password standards
- Subject: [ale] Password standards
- From: cfowler at outpostsentinel.com (Chris Fowler)
- Date: Tue, 18 Oct 2011 14:23:07 -0400
Okay, I think the ale box will flood after this.
I'm working on some changes to our system to support a huge list of
password creation requirements from a government agency. Luckily I do
not have to do them all. I only do what we can do and then we get a
waiver for the other requirements.
Example is: Password must contain at least one of these: '!@$#'
I do not want this thread to turn into a discussion about the best
passwords or why those in gov think they know the best passwords. IMO,
I don't like obtuse passwords because you motivate people to write them
down.
While doing this I became curious as to the source of their requirements
and if there was a 'best practices' document anywhere I could use as a
standard for other things.
I'm having to check for things like:
Must not contain the user name
Must contain a number
Must contain a special char '!@#$'
Must not contain two consecutive like characters 'aa'
Must contain at least one capitalized letter.
Is there a spec that the passwd program conforms to? I know that it
will provide a warning but not an error. I've even seen web pages that
gauge the "strength" based on content.
Looking for something that may be EASY TO READ :) and written down.
Chris
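
The five checks listed in the message above, written as one validator that reports every rule a candidate password breaks. This is an added example, not part of the original post or of any system the poster describes; the names check_password and SPECIALS are hypothetical, and the case-insensitive user-name match and exact-match reading of "like characters" are assumptions.

```python
# Added example: validator for the five rules listed in the message.
# check_password and SPECIALS are hypothetical names, not a real system's API.
import unicodedata

SPECIALS = set("!@#$")  # special-character set quoted in the message


def check_password(password: str, username: str) -> list:
    """Return the rules the password violates (empty list means accepted)."""
    # Assumption: normalize so equivalent Unicode forms compare equal.
    pw = unicodedata.normalize("NFKC", password)
    user = unicodedata.normalize("NFKC", username)
    failures = []

    # Assumption: the user-name check ignores case. An empty user name is
    # skipped because "" is a substring of every string.
    if user and user.casefold() in pw.casefold():
        failures.append("contains user name")
    if not any(c.isdigit() for c in pw):
        failures.append("no number")
    if not any(c in SPECIALS for c in pw):
        failures.append("no special char")
    # Assumption: "like characters" means the same character twice in a row,
    # compared exactly, so 'aa' fails and 'aA' passes.
    if any(a == b for a, b in zip(pw, pw[1:])):
        failures.append("consecutive like characters")
    if not any(c.isupper() for c in pw):
        failures.append("no capitalized letter")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [
        ("S3cure$Pwd", "cfowler"),
        ("cfowler1$A", "CFowler"),
        ("password", "chris"),
    ]
    for pw, user in samples:
        problems = check_password(pw, user)
        print(f"{pw!r} for {user!r}: {'OK' if not problems else problems}")
```

Returning all failures at once, rather than stopping at the first, lets the caller show the user every requirement still unmet in a single pass.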