RE: [fw-wiz] Stanford break in
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 04/23/04
- Previous message: Chuck Vose: "RE: [fw-wiz] Stanford break in"
- In reply to: Laura Taylor: "RE: [fw-wiz] Stanford break in"
- Next in thread: Victor Williams: "RE: [fw-wiz] Stanford break in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Laura Taylor <ltaylor@relevanttechnologies.com> Date: Thu, 22 Apr 2004 18:15:30 -0400 (EDT)
On Thu, 22 Apr 2004, Laura Taylor wrote:
> You need some user behavior/rules of engagement policies to deal with users
> bringing home password files and cracking them. And they should be enforced.
> Laura
Ron's main point (I think) is that you can't enforce strong password
policies everywhere in an organization, so folks who want to circumvent
those policies will do so, and the net result of stronger passwords is
lost. Non-trivial passwords, I agree with, but "strong passwords" really
just piss off users without much overall affect to the organization's
security posture if there's enough disparate system types (or if users
simply use that password everywhere so they can remember it.)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Chuck Vose: "RE: [fw-wiz] Stanford break in"
- In reply to: Laura Taylor: "RE: [fw-wiz] Stanford break in"
- Next in thread: Victor Williams: "RE: [fw-wiz] Stanford break in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
