assurance - [Assurance] silver, 2-factor, password requirements

Subject: Assurance

List archive

[Assurance] silver, 2-factor, password requirements

From: Steven Carmody <>
To:
Subject: [Assurance] silver, 2-factor, password requirements
Date: Tue, 27 Nov 2012 16:01:25 -0500

Hi,

if our campus elects to have people authenticate with 2-factor in order for us to assert a Silver-compatible authentication ....

and one of those factors is a password ....

are there any requirements on strength, etc of that password ?

If we wanted people to authenticate with with just a password and be Silver-compliant, then the Silver profile contains lots of requirements about how that password is stored, access to the machine rooms with the KDC, etc. However, if the password is just one of the two factors, do all of those requirements in the Silver profile still apply ?

I think I know the answer, but I thought I'd ask .. ;-)

[Assurance] silver, 2-factor, password requirements, Steven Carmody, 11/27/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/27/2012
  - Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
    - RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
      - Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
        
        RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
        
        Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
        
        RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
        Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/29/2012
        Re: [Assurance] silver, 2-factor, password requirements, Cantor, Scott, 11/29/2012
        RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/29/2012

List archive

[Assurance] silver, 2-factor, password requirements