Re: [ADSM-L] Strong TSM Passwords?
2012-07-24 11:19:08
You are correct, I guess it can minimally satisfy the requirement.
TSM supports 41 characters of the standard 94 allowed characters.
I am in agreement that TSM passwords can be very secure, especially
since we allow 5 wrong password attempts before the account is locked.
In reality, a 4 character password with only numbers would be hard to
crack since a hacker could only test 5 of 1000 possible combinations
before they were locked out.
On 7/24/2012 9:25, Thomas Denier wrote:
-----Kevin Kettner wrote: -----
Does anyone know if IBM is ever going to expand the character set
accepted for TSM passwords? I was hoping that would happen in TSM
6.3,
but apparently it still has the same password rules as it has for as
long as I can remember:
http://pic.dhe.ibm.com/infocenter/tsminfo/v6r3/topic/com.ibm.itsm.cli
ent.doc/r_opt_password.html
A--Z
Any letter, A through Z, uppercase or lowercase
0--9
Any number, 0 through 9
+
Plus
.
Period
_
Underscore
-
Hyphen
&
Ampersand
The password policy at our university is this:
* Are at least eight alphanumeric characters long
* Contain at least three of the following four categories:
o upper case characters (e.g., A-Z)
o lower case characters (e.g., a-z)
o Digits (e.g., 0-9)
o Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
TSM doesn't meet that standard and it seems a little silly as that
seems
to be the industry standard for secure passwords.
And yes, I am aware that special characters do not actually improve
password security that much, but...
http://xkcd.com/936/
In what sense does TSM fail to meet the university standard? TSM will
not force compliance with the standard, but a larger character set
for TSM passwords would not change that. As far as I can see, TSM
already allows compliance with the standard. TSM passwords can be
considerably more than 8 characters long, and can in fact contain
characters drawn from three of the four categories: upper case letters,
digits, and some of the listed special characters. I don't think
TSM passwords can in any real sense contain lower case letters,
since lower case letters are converted to upper case when a
password is entered.
Thomas Denier
Thomas Jefferson University Hospital
|
|
|