We just got notified that we need to change our password to have a minimum
length of nine characters. The notification came from people who only use
Windows workstations/servers and does not reference any other platforms. I know
that our z/VM and z/OS systems will not be able to comply (maybe with some
additional software), but how about the linux/unix systems out there. Can they
properly use 9+ character passwords?
/Tom Kern
--- Mike Walter <[EMAIL PROTECTED]> wrote:
> In our case the request (and I'm not saying publically whether it was
> granted or not) was for a specific 8-character length. That's all VM and
> MVS can handle anyway.
>
> Regarding the lower-case letters: any good mainframe security system
> should bet set up to disable access to an ID or resource after a specific
> and limited number of access attempts. If the access is disabled after,
> say 5 tries, does it the number of possible passwords between
> 318,644,812,890,625 and 5,352,009,260,481 really matter much? Even with
> (only) 5 trillion passwords combinations, how difficult would it be for
> someone to access a resource if after every 5 tries they were locked out,
> had to wait for the real owner of the resource to notice and call a
> support center to have the password reset, and then the hacker gets
> another 5 tries? Do you think someone might notice a pattern after a
> while? Maybe even a nontechnical end user?
>
> But I'm thinking of this strictly from the VM LOGON and LINK passwords
> direction (which was the original subject). Perhaps there's something
> else I'm missing, that at a college, you experience more often and can
> only be addressed via passwords vs digital certificates? For LOGON and
> LINK why would 8 character uppercase-only password be a long-term problem?
__________________________________
Yahoo! Music Unlimited
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/
