Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Apr 2016 23:01:05 +0200
From: Patrick Proniewski <>
Subject: Re: Password creation policies

Hi all,

On 07 avr. 2016, at 22:50, Per Thorsheim wrote:

> Ah. By "password creation policy", I think of some sort of rules for
> ordinary humans to create passwords that are "strong enough" (accepted
> by the system where they are to be used), AND memorable, as we still
> prefer and have to comply with EULA, standards & even law saying we are
> not allowed to write down our passwords. Something I'm trying to change btw.

Do you have some pointers to countries with law banning the write-down of passwords?

I'm CISO in a french university, and I officially tell my users they can write down their new password as long as it stays hidden in their wallet, and as long as they destroy the paper when they are confident they memorized it.
We also provide our staff with a self hosted password storage web application.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.