15 Jun
2009
15 Jun
'09
8:27 a.m.
On Mon, 15 Jun 2009, Sridhar Ayengar wrote:
Gordon JC Pearce wrote:
For the systems that don't have short password fields, would'nt pass
phrases be more secure?
g.
--
Proud owner of F-15C 80-0007
http://www.f15sim.com - The only one of its kind.
ScarletDME - The red hot Data Management Environment
A Multi-Value database for the masses, not the classes.
http://www.scarletdme.org - Get it _today_!
When I worked at IBM a couple of years ago (doing
rather dull tech
support stuff) I worked out that the password rules (something like
"eight to ten characters, two to four upper-case letters and two to four
digits not in the first, second, second-to-last or last position")
yielded about 1000 valid passwords...
IBM *never* had password rules like that.
It's "eight or more, at least one alphabetic, at least one non-alphabetic".
It used to be "eight or more, at least one non-alphabetic, can't begin or end
with a non-alphabetic".
Of course, GSD331 had its own weird requirements, but those are, by no means,
IBM's official rules for internal passwords.