Re: passwords
From: jl (jl@vidcrew4u.net)
Date: 02/19/03
- Previous message: Shanna Daly: "RE: passwords"
- In reply to: multics@ruserved.com: "Re: passwords"
- Next in thread: Ross Nelson: "Re: passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "jl" <jl@vidcrew4u.net> To: "security-basics@securityfocus.com" <security-basics@securityfocus.com>, "multics@ruserved.com" <multics@ruserved.com> Date: Wed, 19 Feb 2003 16:25:13 -0600
I've learned to rely on a little windows program that seem to fit our
password needs. I've been, and still am, the 30 day believer for good
security at the desktop.
The programs that we use to generate these passwords are small, free,
and very flexible in the results that you want from your generation
needs. We simply generate a random list of passwords that are
available for distribution. We insert the first XYZ set of numbers for
IT to use as departmental, personnel, or divisional markers, and then
use the program to generate our list. We do this quarterly, so that we
always have enough passwords generated for a designated area on hand.
For those that are password immune, (meaningg refuse to comply with
change requirements) we've come to rely on these programs random
generating capabilities to help with quick passwords that these people
seem to be able to live with.
=========
These programs are:
Maskingpassword generator. Shareware, $10.00 us to buy. You can take
a look at it at:
http://www.accusolve.biz/
OVERVIEW:
Generate random passwords or numbers based on any conceivable pattern.
The program can be run in the System Tray,
so passwords can be generated from within any Windows application
by pressing a user-defined or default key combination.
This version features random-length passwords and character set
customization
and the second program:
Pins. Freeware, you can't beat that.
http://www.mirekw.com/
OVERVIEW:
PINs stores data with the 448-bit Blowfish algorithm.
PINs can be safely run even on a public computer.
It can also run directly from a floppy without any installation.
Features include:
Unlimited entries and data files
Tree-like data organization allows logical grouping of systems and
accounts
Safe files wiping using Gutmann, DoD and custom methods
=====
I'm not a big believer in desktop storage with pins, but if you're
deploying self governed password generation, it's not a bad way to go.
It's also very simple to use, and can run from a floppy if needed.
On Tue, 18 Feb 2003 15:13:36 -0500 (EST), multics@ruserved.com wrote:
>Only if you are sure they are selecting good passwords. It also
>depends on how secure your network is and the access path between the
>users and the mail server. If users are writing down or choosing
>insicure passwords due to problems remembering the new ones then
>you may be introducing more problems then you are solving.
>
>> Hello all,
>>
>> one of the favorite subjects in my company seems to be the strength of
>> passwords. We force our users to change their mail password every 90 days.
>> Does this make sense? Why?
>>
>> --
>> ullmic
>
>
>--
>Richard Shetron multics@ruserved.com multics@acm.rpi.edu NO UCE
>What is the Meaning of Life? There is no meaning,
>It's just a consequence of complex carbon based chemistry; don't worry about it
>The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.
- Next message: Benjamin Meade: "RE: Web Log Analyzer"
- Previous message: Shanna Daly: "RE: passwords"
- In reply to: multics@ruserved.com: "Re: passwords"
- Next in thread: Ross Nelson: "Re: passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
