Re: Benefits and drawbacks of password complexity
From: Marlon Brown (marlon_brown@hotmail.com)
Date: 02/11/03
- Next message: ANIXIS: "Re: Benefits and drawbacks of password complexity"
- Previous message: Brent Glaser: "Re: My Documents not secure between users"
- In reply to: Russ: "Re: Benefits and drawbacks of password complexity"
- Next in thread: Karl Levinson [x y] mvp: "Re: Benefits and drawbacks of password complexity"
- Reply: Karl Levinson [x y] mvp: "Re: Benefits and drawbacks of password complexity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Marlon Brown" <marlon_brown@hotmail.com> Date: Mon, 10 Feb 2003 16:28:17 -0800
Ok, wait a minute:
I don't want people using
password
1111111
aaaaaa
If I enable 6 characters (and I do not enable password complexity) they
should be able to use any of the weak passwords above.
I want them using alphanumeric passwords, otherwise getting blocked. In that
case
password1
aaaaaaa1
Would be valid.
"Russ" <rwsinclair@mcpmail.com> wrote in message
news:083501c2d141$8550ce20$3001280a@phx.gbl...
> In W2K you can enable "Passwords must meet complexity
> requirements," which accomplishes the same thing as
> passfilt.
> As I said, this makes Password1 a good password, so it's a
> baby step. There are a lot of 3rd party products that can
> be more granular, and use dictionary checks.
>
> >-----Original Message-----
> >I mentioned passfilt.dll because if I want to enforce an
> alphanumeric
> >password I would need to do that.
> >In Win2K you have option to select the length of
> characters and that's all.
> >I mean, if you select 6 characters, as you
> mentioned "123456" or "aaaaaa"
> >would be acceptable, and that's is a bad thing. If
> password complexity is
> >too much, at least something like "a123456" or "1aaaaaa"
> would be stronger,
> >I think.
> >
> >
> >
> >
> >
> >"Russ" <rwsinclair@mcpmail.com> wrote in message
> >news:06ce01c2d114$c8d134a0$d5f82ecf@TK2MSFTNGXA12...
> >> Realized after posting that if this is W2K, there is no
> >> passfilt, it's just a check box to accomplish the same
> >> thing.
> >>
> >> >-----Original Message-----
> >> >I'm not sure why you think you need your own passfilt.
> >> >
> >> >Without passfilt, you can do all the things you listed,
> >> >although 6 characters could be anything (including, as
> I
> >> >found out in my environment, 123456 or aaaaaa).
> Passfilt
> >> >forces 3 of 4 of upper case, lower case, number,
> special
> >> >character, which makes Password1 valid.
> >> >
> >> >It's a fine line between a strong password that the
> user
> >> >can remember, and one that will be written down, but
> with
> >> >no complexity requirement at all, you're pretty much
> wide
> >> >open. I kind of like the sentence approach suggested
> by
> >> >Peter.
> >> >
> >> >>-----Original Message-----
> >> >>My company has +3,000 users. I need to enable password
> >> >>policies there. Management wants just 6 characters
> >> >>alphanum passwords (and then I have to create my own
> >> >>passfilt.dll). I would enforce lockout (3 times),
> >> >>password history=11, too.
> >> >>
> >> >>I thought a 6 characters "password complexity" would
> be
> >> >>stronger. But they came up with the following
> argument:
> >> >>
> >> >>"If you have this password complexity and forcing
> users
> >> >>to change it every 6 months, people will have a
> tendency
> >> >>to write the passwords in a piece of paper, because it
> >> is
> >> >>hard to remember and come up with new difficult
> >> passwords
> >> >>such as PaSsword10$". What do you think ?
> >> >>
> >> >>
> >> >>.
> >> >>
> >> >.
> >> >
> >
> >
> >.
> >
- Next message: ANIXIS: "Re: Benefits and drawbacks of password complexity"
- Previous message: Brent Glaser: "Re: My Documents not secure between users"
- In reply to: Russ: "Re: Benefits and drawbacks of password complexity"
- Next in thread: Karl Levinson [x y] mvp: "Re: Benefits and drawbacks of password complexity"
- Reply: Karl Levinson [x y] mvp: "Re: Benefits and drawbacks of password complexity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|