Strengthening PennKey Initiative
October 1, 2008 :: Edda Katz, ISC
A major initiative, led by ISC in consultation with Schools and Centers, is underway to improve password security and strengthen the authentication mechanisms that protect online applications, services, and information.
For the Penn community at large, the most visible and far-reaching change will be a switch from passwords to what are called passphrases. Passphrases will permit the use of dictionary words rather than requiring combinations of letters, numbers, and special characters, the only option available under the current PennKey password rules. Passphrases will also be longer – from a minimum of 15 characters to a maximum of 64.
Additional changes include the implementation of a new authentication infrastructure; the introduction of supplementary authorization for sensitive services; the implementation of a mechanism to assist in detecting attempts by unauthorized users to access PennKey-protected applications; and revisions to the process for distributing PennKey Setup Codes. More information about these changes is available on the Strengthening PennKey project page at www.upenn.edu/computing/pennkey/strengthen-pennkey/.