[colug-432] password survey
Scott McCarty
scott.mccarty at gmail.com
Thu May 22 18:52:54 EDT 2014
For keys there are definitely guidelines. Here is an old article I wrote, but still very important data:
http://crunchtools.com/ssh-keychain/
See sections: Key Length & RSA vs. DSA
Best Regards
Scott M
----- Original Message -----
> From: "Judd Montgomery" <judd at jpilot.org>
> To: "Central OH Linux User Group - 432xx" <colug-432 at colug.net>
> Sent: Thursday, May 22, 2014 6:26:25 PM
> Subject: Re: [colug-432] password survey
>
> A friend just sent me something a little silly on this topic that I
> figured I'd share.
>
> During a recent password audit by a company, it was found that an
> employee was using the following password:
> "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento" When asked
> why
> she had such a long password, she rolled her eyes and said: "Hello!
> It
> has to be at least 8 characters and include at least one capital."
>
> On 05/02/2014 08:30 PM, Brian wrote:
> > Due to a major re-organization at work, we are reviewing and/or
> > implementing some new security policies. I personally think some
> > of the
> > proposed policies are not going to help security at all. So I
> > thought I
> > would take a survey to see what policies/practices are in place at
> > other
> > businesses. These are specific to UNIX/Linux systems. Active
> > Directory
> > users need not respond.
> >
> > 1. How long do your passwords need to be? Are you required to
> > have
> > non-alphabetic characters? How many passwords do you have to cycle
> > through before you can re-use a password? Do you have a
> > centralized
> > authentication system? If you don't have centralized
> > authentication,
> > can you use the same password on all UNIX/Linux systems?
> >
> > 2. How often do you need to change passwords? Do you have any
> > policy
> > which allows exceptions to the password change frequency?
> >
> > 3. If you are allowed to use public keys, are you required to
> > replace
> > your keys on some sort of schedule?
> >
> > Thanks.
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>
More information about the colug-432
mailing list