When I worked at IBM a couple of years ago (doing rather dull tech
support stuff) I worked out that the password rules (something like
"eight to ten characters, two to four upper-case letters and two to four
digits not in the first, second, second-to-last or last position")
yielded about 1000 valid passwords...
IBM *never* had password rules like that.
It's "eight or more, at least one alphabetic, at least one
non-alphabetic". It used to be "eight or more, at least one
non-alphabetic, can't begin or end with a non-alphabetic".
Of course, GSD331 had its own weird requirements, but those are, by no
means, IBM's official rules for internal passwords.
For the systems that don't have short password fields, wouldn't pass
phrases be more secure?