[colug-432] password survey

Judd Montgomery judd at jpilot.org
Thu May 22 18:26:25 EDT 2014


A friend just sent me something a little silly on this topic that I 
figured I'd share.

During a recent password audit by a company, it was found that an 
employee was using the following password: 
"MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento". When asked why 
she had such a long password, she rolled her eyes and said: "Hello!  It 
has to be at least 8 characters and include at least one capital."

On 05/02/2014 08:30 PM, Brian wrote:
> Due to a major re-organization at work, we are reviewing and/or
> implementing some new security policies.  I personally think some of the
> proposed policies are not going to help security at all.  So I thought I
> would take a survey to see what policies/practices are in place at other
> businesses.  These are specific to UNIX/Linux systems.  Active Directory
> users need not respond.
>
> 1.  How long do your passwords need to be?  Are you required to have
> non-alphabetic characters?  How many passwords do you have to cycle
> through before you can re-use a password?  Do you have a centralized
> authentication system?  If you don't have centralized authentication,
> can you use the same password on all UNIX/Linux systems?
>
> 2.  How often do you need to change passwords?  Do you have any policy
> which allows exceptions to the password change frequency?
>
> 3.  If you are allowed to use public keys, are you required to replace
> your keys on some sort of schedule?
>
> Thanks.
