RE: Password creating Theories

From: Andrew Williams (Andrew_at_Syngress.com)
Date: 11/18/05

    Date: Fri, 18 Nov 2005 11:33:44 -0500
    To: <DFiore.FMS@gmail.com>, "dave kleiman" <dave@isecureu.com>, <security-basics@securityfocus.com>
    
    

    Hi David,

    The title is "Perfect Passwords: Selection, Protection, Authentication"
    http://www.amazon.com/gp/product/1597490415/104-2058717-7732767?v=glance&n=283155&s=books&v=glance

    Andrew
     

    > -----Original Message-----
    > From: David Fiore [mailto:dfiore.fms@gmail.com]
    > Sent: Friday, November 18, 2005 11:27 AM
    > To: dave kleiman; security-basics@securityfocus.com
    > Cc: 'Jennifer Fountain'; Andrew Williams; 'Saqib Ali'
    > Subject: RE: Password creating Theories
    >
    > Guys,
    >
    > What is the Title of the book? I'd like to purchase it since
    > I'm in the same boat that Jennifer is in.
    >
    > Thanks,
    >
    > David
    > ( I live for user training :) )
    >
    >
    >
    > -----Original Message-----
    > From: dave kleiman [mailto:dave@isecureu.com]
    > Sent: Wednesday, November 16, 2005 2:39 PM
    > To: security-basics@securityfocus.com
    > Cc: 'Jennifer Fountain'; 'Andrew Williams'; 'Saqib Ali'
    > Subject: RE: Password creating Theories
    >
    > Saqib,
    >
    > I have been tasked with tech-editing the book (with Mark that
    > is a fairly easy job).
    >
    > I feel one of the great benefits to this book is Mark has
    > explained things in a way the most novice of users can
    > understand. Now there are some chapters that are for the
    > Admin type users where he goes into Rainbow tables and such.
    >
    > However, this is a book to help ease the Admin's job; you as an
    > Admin could give this book to your end users and they would
    > begin to "see the light" of what you are trying to accomplish
    > in a password policy.
    >
    > Additionally, it may help some of the super-techie Admins
    > understand why the end user was not grasping the concept.
    >
    > An example: 1 of many cool methods Mark uses to show the
    > effect of password length, is using the old Bicycle
    > Combination locks, you know the old 3 digit ones we all had
    > or saw as kids, and how long it would take to crack, as
    > opposed to one with just 1 or 2 more digits. All I can say
    > is I spent about 3 hours out in the garage....
    >
    > It is a fun and excellent book. (Note: I do not get a dime
    > for any sales of the book)
    >
    >
    > Dave
    >
    >
    >
    >
    >
    >
    > -----Original Message-----
    > From: Andrew Williams [mailto:Andrew@Syngress.com]
    > Sent: Tuesday, November 15, 2005 16:35
    > To: Saqib Ali
    > Cc: Jennifer Fountain; security-basics@securityfocus.com
    > Subject: RE: Password creating Theories
    >
    > When I first started discussing the book with the author
    > (Mark Burnett), I thought a whole book on the topic seemed
    > a bit much as well. But, the more I saw of Mark's
    > manuscript, the more intrigued/interested I became in the idea.
    >
    > The book is relatively short, 200 pages total. So, we
    > realized this couldn't be a door stop. The book is for
    > both sys admins/infosec pros as well as users. One of the
    > book's primary goals is to provide admins w/ strategies
    > and policies they can convey to their users so that users
    > will consistently create strong passwords that they can
    > actually remember as well.
    >
    > It is also kind of a fun read with interesting facts,
    > stats, etc.; like the 500 worst passwords of all time, etc.
    >
    > Best,
    > A
    >
    > > -----Original Message-----
    > > From: Saqib Ali [mailto:docbook.xml@gmail.com]
    > > Sent: Tuesday, November 15, 2005 4:18 PM
    > > To: Andrew Williams
    > > Cc: Jennifer Fountain; security-basics@securityfocus.com
    > > Subject: Re: Password creating Theories
    > >
    > > having a whole book dedicated to Password building seems an
    > > overkill....
    > >
    > > who will be the target audience?
    > >
    > > On 11/15/05, Andrew Williams <Andrew@syngress.com> wrote:
    > > > We're actually about to publish a book on ideas/strategies for
    > > > building passwords and password policies. We have a sample chapter
    > > > available on
    > >
    > > In Peace,
    > > Saqib Ali
    > > http://www.xml-dev.com/blog/
    > > Consensus is good, but informed dictatorship is better.
    > >
    >
    >
    >
    >

