Password Policy

From BNL Physics Computing

BNL Policy

There is an overall BNL password policy and procedures. It gives requirements for complexity. However, making the suggestions a requirement actually reduces the search space. This makes cracking the password hashes easier, as certain character combinations can be removed from consideration a priori.

Policy for Physics LDAP systems

To provide greater security, systems under the Physics LDAP authentication umbrella have the following password complexity rules:

  1. Treat the policy rules as suggestions
  2. Passwords must be at least 12 characters "long"
  3. Passwords gain up to two length credits for each
    1. lower case character
    2. upper case character
    3. digit (number)
    4. other (symbols) character
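
The credited length from rules 2 and 3 can be computed as below. This is an added example, not code from the Physics LDAP systems, and it assumes one reading of the rules: each character of a class earns one credit, capped at two per class, and the credits are added to the real length. The function names and sample passwords are constructed for illustration.

```python
import string
from collections import Counter

MIN_CREDITED_LENGTH = 12    # rule 2: at least 12 characters "long"
MAX_CREDITS_PER_CLASS = 2   # rule 3: up to two credits per class
CLASSES = ("lower", "upper", "digit", "other")


def char_class(ch):
    """Map one character to one of the four classes listed in rule 3."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "other"


def credits(password):
    """Credits per class: one per character, capped at two (assumed reading)."""
    counts = Counter(char_class(ch) for ch in password)
    return {c: min(counts[c], MAX_CREDITS_PER_CLASS) for c in CLASSES}


def credited_length(password):
    """Real length plus the credits earned in all four classes."""
    return len(password) + sum(credits(password).values())


def meets_policy(password):
    """True when the credited length reaches the 12-character minimum."""
    return credited_length(password) >= MIN_CREDITED_LENGTH


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("abcdefgh", "abcdefghij", "aB3$xY", "aB3$", "correct horse"):
        verdict = "ok" if meets_policy(pw) else "too short"
        print(f"{pw!r:16} len={len(pw):2} "
              f"credited={credited_length(pw):2} {verdict}")
```

Under this reading, a six-character password that mixes all four classes reaches the same credited length of 12 as ten lowercase letters, so the credits trade real length for variety.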

Password managers

It is important to use strong passwords and not to use the same passwords for different authentication realms. To manage all these passwords it is suggested to use a password manager that will encrypt all the passwords using a single password or passphrase. Some suggested password managers:

Unix-like OS

Figaro's Password Manager (fpm)
This lets you form groups of passwords and associate "launchers" to access the login.

Mac OS X

Besides the above, (please contribute)

MS Windows OS

Suggested, but untested:

(please contribute)