Re: Minimum password requirements

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 07/25/04

  • Next message: greg.jensen: "Re: antivirus for linux"
    Date: Sun, 25 Jul 2004 01:38:29 +0200
    To: security-basics@securityfocus.com
    
    

    On 2004-07-22 dmargoli@stwing.org wrote:
    > Steve wrote:
    >
    > > We can discuss/argue all day long, but if you don't age passwords
    > > then you will fail almost any IT portion of an audit from an
    > > independent auditing organization.
    >
    > Fair enough, but that doesn't really explain *why* it makes sense (or
    > even if it does).

    In my reply to Robert's mail I had mentioned one reason: to limit the
    time a cracked/leaked password can be used by an attacker.

    Regards
    Ansgar Wiechers

    -- 
    "Those who would give up liberty for a little temporary safety
    deserve neither liberty nor safety, and will lose both."
    --Benjamin Franklin
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    

  • Next message: greg.jensen: "Re: antivirus for linux"