[ale] Password standards
Chris Fowler
cfowler at outpostsentinel.com
Tue Oct 18 14:23:07 EDT 2011
Okay, I think the ale box will flood after this.
I'm working on some changes to our system to support a huge list of
password creation requirements from a government agency. Luckily I do
not have to do them all. I only do what we can do and then we get a
waiver for the other requirements.
Example is: Password must contain at least one of these: '!@$#'
I do not want this thread to turn into a discussion about the best
passwords or why those in gov think they know the best passwords. IMO,
I don't like obtuse passwords because you motivate people to write them
down.
While doing this I became curious as to the source of their requirements
and if there was a 'best practices' document anywhere I could use as a
standard for other things.
I'm having to check for things like:
Must not contain the user name
Must contain a number
Must contain a special char '!@#$'
Must not contain two consecutive like characters 'aa'
Must contain at least one capitalized letter.
Is there a spec that the passwd program conforms to? I know that it
will provide a warning but not an error. I've even seen web pages that
gauge the "strength" based on content.
Looking for something that may be EASY TO READ :) and written down.
Chris
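
The five checks listed in the message, written out as one validator that reports every rule a candidate password breaks. This is an added example, not part of the original post: the function name, the case-insensitive user-name match, the ASCII-only digit test and the case-sensitive repeat test are assumptions.

```python
import re
import string

SPECIALS = "!@#$"  # the character set quoted in the message


def check_password(username: str, password: str) -> list[str]:
    """Return the rules the password violates; an empty list means accepted."""
    failures = []

    # Must not contain the user name. Compared case-insensitively (assumption)
    # and skipped for an empty user name, which would otherwise match anything.
    if username and username.lower() in password.lower():
        failures.append("contains user name")

    # Must contain a number (ASCII digits only, an assumption).
    if not any(c in string.digits for c in password):
        failures.append("no number")

    # Must contain a special char from the quoted set.
    if not any(c in SPECIALS for c in password):
        failures.append("no special char")

    # Must not contain two consecutive like characters such as 'aa'.
    # Case-sensitive (assumption): 'Aa' is allowed, 'aa' is not.
    if re.search(r"(.)\1", password, re.DOTALL):
        failures.append("repeated character")

    # Must contain at least one capitalized letter.
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")

    return failures


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the message.
    for user, candidate in [
        ("cfowler", "R3d$Kite"),
        ("cfowler", "CFowler#1x"),
        ("cfowler", "password"),
    ]:
        print(f"{candidate!r}: {check_password(user, candidate) or 'ok'}")
```

Returning all failures at once, rather than stopping at the first, lets a password-change form show the user everything to fix in one pass.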