[ale] Password standards
Fred Dinkler IV
sidusnare at gmail.com
Tue Oct 18 20:24:56 EDT 2011
Hi,
I like this for password gen:
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c12
On 10/18/2011 02:23 PM, Chris Fowler wrote:
> Okay, I think the ale box will flood after this.
>
> I'm working on some changes to our system to support a huge list of
> password creation requirements from a government agency. Luckily I do
> not have to do them all. I only do what we can do and then we get a
> waiver for the other requirements.
>
> Example is: Password must contain at least one of these: '!@$#'
>
> I do not want this thread to turn into a discussion about the best
> passwords or why those in gov think they know the best passwords. IMO,
> I don't like obtuse passwords because you motivate people to write them
> down.
>
> While doing this I became curious as to the source of their requirements
> and if there was a 'best practices' document anywhere I could use as a
> standard for other things.
>
> I'm having to check for things like:
>
> Must not contain the user name
> Must contain a number
> Must contain a special char '!@#$'
> Must not contain two consecutive like characters 'aa'
> Must contain at least one capitalized letter.
>
> Is there a spec that the passwd program conforms too? I know that it
> will provide a warning but not an error. I even seen web pages that
> guage the "strength" based on content.
>
> Looking for something that may be EASY TO READ :) and written down.
>
> Chris
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list