Re: Minimum password requirements

From: Ansgar -59cobalt- Wiechers (
Date: 07/25/04

  • Next message: greg.jensen: "Re: antivirus for linux"
    Date: Sun, 25 Jul 2004 01:38:29 +0200

    On 2004-07-22 wrote:
    > Steve wrote:
    > > We can discuss/argue all day long, but if you don't age passwords
    > > then you will fail almost any IT portion of an audit from an
    > > independent auditing organization.
    > Fair enough, but that doesn't really explain *why* it makes sense (or
    > even if it does).

    In my reply to Robert's mail I had mentioned one reason: to limit the
    time a cracked/leaked password can be used by an attacker.

    Ansgar Wiechers

    "Those who would give up liberty for a little temporary safety
    deserve neither liberty nor safety, and will lose both."
    --Benjamin Franklin
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at:

  • Next message: greg.jensen: "Re: antivirus for linux"