Re: [ADSM-L] Strong TSM Passwords?
2012-07-24 10:37:46
-----Kevin Kettner wrote: -----
>Does anyone know if IBM is ever going to expand the character set
>accepted for TSM passwords? I was hoping that would happen in TSM
>6.3,
>but apparently it still has the same password rules as it has for as
>long as I can remember:
>
>http://pic.dhe.ibm.com/infocenter/tsminfo/v6r3/topic/com.ibm.itsm.cli
>ent.doc/r_opt_password.html
>
>> A--Z
>> Any letter, A through Z, uppercase or lowercase
>> 0--9
>> Any number, 0 through 9
>> +
>> Plus
>> .
>> Period
>> _
>> Underscore
>> -
>> Hyphen
>> &
>> Ampersand
>>
>
>The password policy at our university is this:
>
> * Are at least eight alphanumeric characters long
> * Contain at least three of the following four categories:
> o upper case characters (e.g., A-Z)
> o lower case characters (e.g., a-z)
> o Digits (e.g., 0-9)
> o Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
>
>TSM doesn't meet that standard and it seems a little silly as that
>seems
>to be the industry standard for secure passwords.
>
>And yes, I am aware that special characters do not actually improve
>password security that much, but...
>
>http://xkcd.com/936/
In what sense does TSM fail to meet the university standard? TSM will
not force compliance with the standard, but a larger character set
for TSM passwords would not change that. As far as I can see, TSM
already allows compliance with the standard. TSM passwords can be
considerably more than 8 characters long, and can in fact contain
characters drawn from three of the four categories: upper case letters,
digits, and some of the listed special characters. I don't think
TSM passwords can in any real sense contain lower case letters,
since lower case letters are converted to upper case when a
password is entered.
Thomas Denier
Thomas Jefferson University Hospital
|
|
|