The minimum password security requirement!

s2008

The Minimum Security Requirements for Multi-User Operating Systems (MSR) states that the password should be 8 characters minimum in length.

However, their website states that their document "NISTIR 5153" has been superseded by the "Federal Criteria", and the "Federal Criteria" has been superseded by the "Common Criteria".

I have searched the whole Common Criteria documents and I couldn't see any minimum password security requirement!, is that now depends on the application security and not a requirement anymore?

Also, does the ISC2 test comes with questions from the obsolete NISTIR 5153 ?

kriscamaro68

s2008 wrote: »

The Minimum Security Requirements for Multi-User Operating Systems (MSR) states that the password should be 8 characters minimum in length.

However, their website states that their document "NISTIR 5153" has been superseded by the "Federal Criteria", and the "Federal Criteria" has been superseded by the "Common Criteria".

I have searched the whole Common Criteria documents and I couldn't see any minimum password security requirement!, is that now depends on the application security and not a requirement anymore?

Also, does the ISC2 test comes with questions from the obsolete NISTIR 5153 ?

As for the test I don't know what would be on it as I have never taken it. I have always read though that 8 is the minimum for passwords. I believe thats the default on windows servers now days as well.