Passwords: does size matter, what characters?
Ben Scott
dragonhawk at gmail.com
Thu Mar 9 17:32:01 EST 2006
On 3/9/06, Ted Roche <tedroche at tedroche.com> wrote:
> Are there "commonly accepted guidelines?"
In a word, no.
Best password guideline I've yet seen: "It should be easy for you to
remember, and hard for others to guess." Of course, for some reason,
people seem think their name spelled backwards is "hard to guess".
:-/
Sarbanes-Oxley gets cited all the time in the name of password
strength requirements, but as near as I can tell, SOX doesn't even
*mention* passwords.1 It merely says that auditors should check for
internal security practices.
I believe HIPPA is mostly the same as SOX in that department.
Microsoft provides a particularly well-written guide on password security:
http://www.microsoft.com/athome/security/privacy/password.mspx
Hope this helps,
-- Ben "drowssap" Scott
More information about the gnhlug-discuss
mailing list