Re: Password Complexity and Dictionary Lookups



It is highly likely your users need to be informed accurately,
but that you do not have a full grasp on the complexity rules.
What do you think they are? In addition to length and change
frequency (separate settings) the complexity requirements are
not just use of 3 of the 4 character sets, but also one cannot
include user name (and there are the other settings controlling
reuse of passwords).

Keep in mind that the existing complexity rules are close to
meaningless, as a password such as 1Password! will pass but will get
discovered in a rainbow table attempt in very little time.

Perhaps you should not just inform your users of the minimum
to meet the complexity rules, but also advise them on what
makes for a good password (ex. a long phrase).

Roger

"Howard Goldstein" <HowardGoldstein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:81748CC2-DBF6-4629-B92F-D882F7F56EE2@xxxxxxxxxxxxxxxx
We are getting ready to implement complex passwords in our domain. I've done
some testing and it seems there are times when even though I'm meeting all of
the complex passwords requirements, it will still not accept my new password.
I'm curious if by implementing more complex passwords, there is also a
requirement that the passwords can not be easily subjected to dictionary
lookups? I haven't been able to find anything that talks about this so I was
just wondering if it's something I need to warn my users about.
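
As an added example (not part of the original thread, and not Microsoft's code), the sketch below applies the rules named in the reply, 3 of the 4 character sets plus the user-name restriction, and reports every reason a candidate would be rejected. The function names, the delimiter list, the 3-character minimum for name parts and the default minimum length of 8 are assumptions made for illustration; password history and change-frequency settings are not modelled.

```python
import re

# The four character sets named in the reply (assumption: ASCII-only view).
CHARSETS = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}
# Assumed delimiters used to split a display name into tokens.
NAME_DELIMS = re.compile(r"[,.\-_ #\t]+")


def name_fragments(account_name, display_name):
    """Return the lowercase name parts a password must not contain."""
    parts = []
    if len(account_name) >= 3:          # account name is checked as a whole
        parts.append(account_name.lower())
    for token in NAME_DELIMS.split(display_name):
        if len(token) >= 3:             # assumption: short tokens are ignored
            parts.append(token.lower())
    return parts


def complexity_failures(password, account_name, display_name, min_length=8):
    """List every reason the candidate is rejected (empty list means it passes)."""
    failures = []
    if len(password) < min_length:      # length is a separate policy setting
        failures.append(f"shorter than {min_length} characters")
    used = [name for name, rx in CHARSETS.items() if rx.search(password)]
    if len(used) < 3:
        failures.append(f"only {len(used)} of 4 character sets used")
    lowered = password.lower()
    for part in name_fragments(account_name, display_name):
        if part in lowered:             # case-insensitive substring match
            failures.append(f"contains name part '{part}'")
    return failures


if __name__ == "__main__":
    # Constructed sample account and candidate passwords, not real data.
    for candidate in ["1Password!", "Goldstein#2024", "summertime", "Hg!7"]:
        result = complexity_failures(candidate, "hgoldstein", "Howard Goldstein")
        print(candidate, "->", result or "accepted")
```

A candidate such as Goldstein#2024 uses all four character sets yet is rejected for the name match, while 1Password! is accepted, which is the weakness the reply points out.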

