Re: Minimum password requirements

• Previous message: Jeremy Novak: "RE: Minimum password requirements"
• In reply to: dmargoli_at_stwing.org: "Re: Minimum password requirements"
• Next in thread: Dave Dyer: "RE: Minimum password requirements"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 25 Jul 2004 01:38:29 +0200
To: security-basics@securityfocus.com

On 2004-07-22 dmargoli@stwing.org wrote:
> Steve wrote:
>
> > We can discuss/argue all day long, but if you don't age passwords
> > then you will fail almost any IT portion of an audit from an
> > independent auditing organization.
>
> Fair enough, but that doesn't really explain *why* it makes sense (or
> even if it does).

In my reply to Robert's mail I had mentioned one reason: to limit the
time a cracked/leaked password can be used by an attacker.

Regards
Ansgar Wiechers

-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Jeremy Novak: "RE: Minimum password requirements"
• In reply to: dmargoli_at_stwing.org: "Re: Minimum password requirements"
• Next in thread: Dave Dyer: "RE: Minimum password requirements"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]