RE: Password Checking Tool

From: Darlene Steeper (dsteeper@uwo.ca)
Date: 04/19/02 

From: "Darlene Steeper" <dsteeper@uwo.ca>
To: <shirleyb@southwestmurals.com>, <security-basics@securityfocus.com>
Date: Fri, 19 Apr 2002 14:48:31 -0400

Shavlik Technologies has a tool called Password Inspector. You can download
a trial version from their website. It will rate your passwords on a level
of security, how old it is and lots of other useful information. This will
only work for windows but you will be able to get your point across. My
other suggestion would be to put on your 'white hat' and use a tool like
lophtcrack and see how many passwords you can crack in 5 minutes.

Good luck, I'm fighting the same battle.
D.

-----Original Message-----
From: Robert Baulch [mailto:shirleyb@southwestmurals.com]
Sent: Friday, April 19, 2002 9:14 AM
To: security-basics@securityfocus.com
Subject: Password Checking Tool

Before introducing our new policy to enforce password complexity
requirments, my management team has asked me to gather valid examples of
existing users whose passwords are too simple. We have a combined
environment of Novell and ActiveDirectory/W2K. Is there a tool that I can
run as an admin that can easily be used to do this?

This is a one time deal to "sell" the policy to some of our problematic
users (which are backbone of our business) so we cannot just say "here it is
... deal with it" for fear they may become disgruntled and the business
close ;-(

Any suggestions would be helpful-

Shirley

__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com

Relevant Pages

  • Re: releasing confidential docs
    ... Security Policy, Data Classification Policy, Data Retention Policy, ... Policy, Business Continuity Plan Summary, Disaster Recovery Plan ... My opinion on whether or not a NDA would protect your ...
    (microsoft.public.security)
  • Re: testing my users temptation to open a well crafted email
    ... >internal website that says something like, ... make sure your own company policy allows for this. ... with something to the effect of a "Security ... Warning", with some real-sounding security address being used as the ...
    (alt.computer.security)
  • Re: testing my users temptation to open a well crafted email
    ... >internal website that says something like, ... make sure your own company policy allows for this. ... with something to the effect of a "Security ... Warning", with some real-sounding security address being used as the ...
    (comp.security.misc)
  • Re: New IE flaw and exploit sites/migration to non-MS browser
    ... I don't have enough hours in the day to build a "white list" of trusted business sites that my firm needs to use given the needs of my business. ... This is the fundamental argument where the security guys need to understand that I don't build or use tanks, warfare or other military like stuff. ... everyone in my office has and has signed an acceptable use policy... ... Have off network security to network security personnel who understand ...
    (Focus-Microsoft)
  • Re: Information Security in Mergers and Acquisition
    ... A gap analysis document between buyer's and acquirer's security ... policies and procedures and the "written" security policies. ... security policy and get management sign-off. ... Is the policy integrated into the business ...
    (Security-Basics)