password expiration policy (was Re: UNIX V7)
Sridhar Ayengar
ploopster at gmail.com
Mon Jun 15 10:11:32 CDT 2009
Gordon JC Pearce wrote:
> When I worked at IBM a couple of years ago (doing rather dull tech
> support stuff) I worked out that the password rules (something like
> "eight to ten characters, two to four upper-case letters and two to four
> digits not in the first, second, second-to-last or last position")
> yielded about 1000 valid passwords...
IBM *never* had password rules like that.
It's "eight or more, at least one alphabetic, at least one
non-alphabetic". It used to be "eight or more, at least one
non-alphabetic, can't begin or end with a non-alphabetic".
Of course, GSD331 had its own weird requirements, but those are, by no
means, IBM's official rules for internal passwords.
Peace... Sridhar
More information about the cctalk
mailing list