-----Kevin Kettner wrote: ----- >Does anyone know if IBM is ever going to expand the character set >accepted for TSM passwords? I was hoping that would happen in TSM >6.3, >but apparently it still has the same password rules as it has for as >long as I can remember: > >http://pic.dhe.ibm.com/infocenter/tsminfo/v6r3/topic/com.ibm.itsm.cli >ent.doc/r_opt_password.html > >> A--Z >> Any letter, A through Z, uppercase or lowercase >> 0--9 >> Any number, 0 through 9 >> + >> Plus >> . >> Period >> _ >> Underscore >> - >> Hyphen >> & >> Ampersand >> > >The password policy at our university is this: > > * Are at least eight alphanumeric characters long > * Contain at least three of the following four categories: > o upper case characters (e.g., A-Z) > o lower case characters (e.g., a-z) > o Digits (e.g., 0-9) > o Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./) > >TSM doesn't meet that standard and it seems a little silly as that >seems >to be the industry standard for secure passwords. > >And yes, I am aware that special characters do not actually improve >password security that much, but... > >http://xkcd.com/936/
In what sense does TSM fail to meet the university standard? TSM will not force compliance with the standard, but a larger character set for TSM passwords would not change that. As far as I can see, TSM already allows compliance with the standard. TSM passwords can be considerably more than 8 characters long, and can in fact contain characters drawn from three of the four categories: upper case letters, digits, and some of the listed special characters. I don't think TSM passwords can in any real sense contain lower case letters, since lower case letters are converted to upper case when a password is entered. Thomas Denier Thomas Jefferson University Hospital
