[colug-432] password survey

Scott McCarty scott.mccarty at gmail.com
Thu May 22 18:52:54 EDT 2014


For keys there are definitely guidelines. Here is an old article I wrote, but still very important data:

http://crunchtools.com/ssh-keychain/

See sections: Key Length & RSA vs. DSA

Best Regards
Scott M

----- Original Message -----
> From: "Judd Montgomery" <judd at jpilot.org>
> To: "Central OH Linux User Group - 432xx" <colug-432 at colug.net>
> Sent: Thursday, May 22, 2014 6:26:25 PM
> Subject: Re: [colug-432] password survey
> 
> A friend just sent me something a little silly on this topic that I
> figured I'd share.
> 
> During a recent password audit by a company, it was found that an
> employee was using the following password:
> "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento"  When asked
> why
> she had such a long password, she rolled her eyes and said: "Hello!
>  It
> has to be at least 8 characters and include at least one capital."
> 
> On 05/02/2014 08:30 PM, Brian wrote:
> > Due to a major re-organization at work, we are reviewing and/or
> > implementing some new security policies.  I personally think some
> > of the
> > proposed policies are not going to help security at all.  So I
> > thought I
> > would take a survey to see what policies/practices are in place at
> > other
> > businesses.  These are specific to UNIX/Linux systems.  Active
> > Directory
> > users need not respond.
> >
> > 1.  How long do your passwords need to be?  Are you required to
> > have
> > non-alphabetic characters?  How many passwords do you have to cycle
> > through before you can re-use a password?  Do you have a
> > centralized
> > authentication system?  If you don't have centralized
> > authentication,
> > can you use the same password on all UNIX/Linux systems?
> >
> > 2.  How often do you need to change passwords?  Do you have any
> > policy
> > which allows exceptions to the password change frequency?
> >
> > 3.  If you are allowed to use public keys, are you required to
> > replace
> > your keys on some sort of schedule?
> >
> > Thanks.
> 
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
> 


More information about the colug-432 mailing list