Re: Password Quality checker

---

• From: Arun Bhaskar <arun.bhaskar.k@xxxxxxxxx>
• Date: Fri, 29 Dec 2006 16:04:31 +0530

---

Hi Johnny,

You can try using javascript functions to validate input (i.e. user passwords ) in a text field based on your password complexity requirements and put the page on your internal web server.

Regards,
Arun Bhaskar Kondoth

Johnny Wong wrote:

Hello Nic,

Thanks for the reply. I was looking for a tool for users to check whether the passwords they choose meet the organization's policy. Not a tool to test the strength of the existing passwords. Most likely a web portal for them to enter the "potential" password, and the portal will determine whether it meets the standards.

Rgds,
JW

At 08:48 AM 26/12/2006, Nic Stevens wrote:

You cannot check the quality of "Unix/Linux" passwords as it's a one-way encryption so it must be done at the time the user (or admin) sets the password. With PAM based authentication on *nix there are ways of enforcing stronger passwords standards than the default.
As far as Windows goes I have no experience with security.

-Nic


Johnny Wong wrote:

Hello all,

I was wondering if your organization deploys any password quality checking tool to help users select policy-compliant passwords? Be it web-based or client based. I am thinking what type of requirements do you use to select such tools, and what are the examples out there?

My thoughts:
1) It should not store the user's passwords (be it pass or fail)
2) It should be able to handle complexity rules (or align with Windows GPO)
3) It should also work with Unix/Linux passwords

Thanks,
JW

--
Captiain! We've been hit. The only damage so far is the self-destruct
mechanism which, apparently has destroyed itself.

---

• References:
  • Password Quality checker
    • From: Johnny Wong
  • Re: Password Quality checker
    • From: Johnny Wong

• Prev by Date: Re: Basic question about remote registry on Windows
• Next by Date: RE: Basic question about remote registry on Windows
• Previous by thread: Re: Password Quality checker
• Next by thread: RE: Password Quality checker
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Password Complexity Problem ... Thanks for the repsonse, however I have tried it all. ... policy change "passwords must meet complexity ... >to disable all the password complexity requirements? ... (microsoft.public.windows.server.networking) Re: passwords ... I haven't done the math to see how much harder SECURITY/3000 would make this, assuming session passwords. ... I suspect that finding out a company's password complexity requirements cuts the time to brute force dramatically, by allowing one to not test for simple passwords. ... To join/leave the list, search archives, change list settings, * ... (comp.sys.hp.mpe) Re: Password Quality checker ... I was looking for a tool for users to check whether the passwords they choose meet the organization's policy. ... With PAM based authentication on *nix there are ways of enforcing stronger passwords standards than the default. ... It should be able to handle complexity rules (or align with Windows GPO) ... (Security-Basics) RE: Password Quality checker ... Because javascript runs in the browser on the client side, ... cannot absolutely rely on it to do input validation -- and under ... whether the passwords they choose meet the organization's ... Windows GPO) ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2006-12