Citation
Department of Defense, Password Management Guideline (known as the "Green Book") (Apr. 12, 1985) (full-text).
Overview
This Guideline provided a set of good practices directed toward preventing password compromise. Large numbers of ADP systems require identification and authentication of a system user. Often, the authentication mechanism implemented is a password — a "symbol" that should be known only by its owner. Since a user's identification is often a compaction of the individual's name and thus easily guessed, the password must provide the requisite protection. Measures suggested for password protection include:
- a. Use of machine-generated pronounceable passwords (pass-phrases).
- b. Maximum length of time for password retention.
- c. Capability to change a password.
- d. Personal password protection (e.g., not written down).