+ Post New Thread
Results 1 to 7 of 7
School ICT Policies Thread, Paasword or passphrase in School Administration; What intstruction do you give your users about creating passwords. Do you require them to use a complex password or ...
  1. #1

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    19

    Paasword or passphrase

    What intstruction do you give your users about creating passwords. Do you require them to use a complex password or to string random words together to form a passphrase.

    There's a gradual trend towards passphrases as they cover two security concerns, length and user friendlyness.Paassphrases will tend to be longer thus ensuring greater protection against automated attacks. The use of normal words would be easier to remember for non-geeks.

    The one problem might be shoulder surfers for whom passphrases will be like plain text and take longer to type which is a bonus.

    As for user friendlyness, I wonder how teachers will take to Diceware wordlists. You can imagine the scene in the staffroom. No it's not a Dungeon and Dragons revival it's just password renewal day.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Paasword or passphrase

    Well, personally, I think for within school there isn't really a need for it. However if your offering external services that pupils/teachers can access from home and your using some form of single sign on then I don't think you have a choice. If you have services exposed to the Internet you have to take password security seriously.

    Under windows, there's several settings to enable/control complex passwords in Active Directory. Under Linux you can do this with the pam_cracklib.so module. I've no idea about Macs but I'd guess it'd be similar to the Linux situation.

  3. #3
    Grommit's Avatar
    Join Date
    Sep 2006
    Location
    Weston-super-Mare
    Posts
    1,335
    Thank Post
    31
    Thanked 54 Times in 31 Posts
    Rep Power
    25

    Re: Paasword or passphrase

    rightttt.. so we have to get the staff no longer user their kids/hamster/dog/cat/girlfriends name ?

    Pandamonium would erupt :-)

  4. #4

    Andrew_C's Avatar
    Join Date
    Sep 2005
    Location
    Winchester
    Posts
    3,018
    Thank Post
    64
    Thanked 383 Times in 292 Posts
    Rep Power
    162

    Re: Paasword or passphrase

    Quote Originally Posted by Geoff
    Well, personally, I think for within school there isn't really a need for it.
    You are joking, aren't you? There is probably no one more likely, or better equiped to have a pop at your security than a bored, disgruntled teenager! We have suffed two serious attacks, both by (now ex)pupils. Our system now requires complex passwords. 3 out of the four UPPER, lower, number and punctuation; and a minimum length. Change every 40 days.

    The significant problem is with keyboards that ma to US layout prior to log-on. This moves @ to " and visa-versa and causes no end of grief.
    Quote Originally Posted by Grommit
    rightttt.. so we have to get the staff no longer user their kids/hamster/dog/cat/girlfriends name ?
    What's wrong with "T1dd!es!"?

  5. #5
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    566
    Thank Post
    69
    Thanked 54 Times in 38 Posts
    Rep Power
    30

    Re: Paasword or passphrase

    Would recommending staff to use postcodes be a good idea? Perhaps not their own, but you'd have to be pretty determined to guess my nana's post code!
    Also, how do phone numbers fair up to brute force attacks?

  6. #6

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,250
    Thank Post
    55
    Thanked 280 Times in 187 Posts
    Rep Power
    134

    Re: Paasword or passphrase

    Quote Originally Posted by eean
    you'd have to be pretty determined to guess my nana's post code!
    That's one BIG banana! 8O

  7. #7
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    566
    Thank Post
    69
    Thanked 54 Times in 38 Posts
    Rep Power
    30

    Re: Paasword or passphrase


SHARE:
+ Post New Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •