[ale] Password standards

Lightner, Jeff JLightner at water.com
Tue Oct 18 14:59:19 EDT 2011 

Can't answer that but can suggest you install "expect" and use it's mkpasswd to generate your random passwords.  It has multiple flags that can be used to specify the rules used in its generation of passwords.

You can even use its output to set the password with the Linux "passwd --stdin".   Of course if you need to provide these passwords you'll need to tee the output so it saves the password to a file - be sure to delete the file after you've provided the password to users.

Also you can likely modify setup via PAM modules to make the above requirements for future password changes.





-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Chris Fowler
Sent: Tuesday, October 18, 2011 2:23 PM
To: ale at ale.org
Subject: [ale] Password standards

Okay,  I think the ale box will flood after this.

I'm working on some changes to our system to support a huge list of
password creation requirements from a government agency.  Luckily I do
not have to do them all.  I only do what we can do and then we get a
waiver for the other requirements.

Example is: Password must contain at least one of these: '!@$#'

I do not want this thread to turn into a discussion about the best
passwords or why those in gov think they know the best passwords.   IMO,
I don't like obtuse passwords because you motivate people to write them
down.

While doing this I became curious as to the source of their requirements
and if there was a 'best practices' document anywhere I could use as a
standard for other things.

I'm having to check for things like:

Must not contain the user name
Must contain a number
Must contain a special char '!@#$'
Must not contain two consecutive like characters 'aa'
Must contain at least one capitalized letter.

Is there a spec that the passwd program conforms too?  I know that it
will provide a warning but not an error.  I even seen web pages that
guage the "strength" based on content.

Looking for something that may be EASY TO READ :) and written down.

Chris




_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo




Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer

---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the Ale mailing list