Re: Strong Passwords Revisited

From: nameless (namelyouress@myrealbclothesox.com)
Date: 02/14/03

• Next message: Fedex!: "Access Denied???"
• Previous message: Mike: "Re: Lockout Guest"
• In reply to: The Thinker: "Re: Strong Passwords Revisited"
• Next in thread: Ernst-Udo Wallenborn: "Re: Strong Passwords Revisited"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "nameless" <namelyouress@myrealbclothesox.com>
Date: Fri, 14 Feb 2003 20:40:52 GMT

The Thinker wrote:

> password management is a complicated problem. The issues highlighted
> by Calvin are commonly faced by most IT managers. The idea is to
> educate the user about the importance of complicated passwords and
> the ramifications that may emanate in the event of a compromise.
> Systemic changes and enforcing complex passwords on the system are of
> little avail unless changes are more structural, fundamental and
> sponsorship from the users.
>
> I used to advise my clients to enforce complex passwords (through
> passfilt) and periodic changing of passwords. But at the same time I
> also made it clear that unless users do not realize the importance of
> passwords, helpdesk calls would continue to increase.

The most idiotic circumstance is that which prevaled at my former
workplace. There, they forced frequent password changes, but did *not*
require strong passwords. So, what is a user to do, faced with the task
of changing and remembering umpteen million passwords? They use short,
simple passwords, and they recycle them often, and use the same ones on
different platforms and systems, that's what. I always thought it would
have been better to NOT require such frequent password changes, but DO
require some complexity, if anything. Oh, whatever.

-- 
Free, simple, and effective encryption: <http://snurl.com/clipsecure>
Reliable partitioning and imaging: <http://www.bootitng.com>
Improve Outlook Express for free: <http://jump.to/oe-quotefix>
STOP 0x0000003R: DONT_ASK_BECAUSE_WE_DONT_KNOW

• Next message: Fedex!: "Access Denied???"
• Previous message: Mike: "Re: Lockout Guest"
• In reply to: The Thinker: "Re: Strong Passwords Revisited"
• Next in thread: Ernst-Udo Wallenborn: "Re: Strong Passwords Revisited"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Strong Passwords Revisited ... > password management is a complicated problem. ... > Systemic changes and enforcing complex passwords on the system are of ... have been better to NOT require such frequent password changes, ... (comp.os.ms-windows.nt.admin.security) Re: Strong Passwords Revisited ... > password management is a complicated problem. ... > Systemic changes and enforcing complex passwords on the system are of ... have been better to NOT require such frequent password changes, ... (comp.security.misc) Re: Strong Passwords Revisited ... > password management is a complicated problem. ... > Systemic changes and enforcing complex passwords on the system are of ... have been better to NOT require such frequent password changes, ... (alt.computer.security) SV: Password management WAS: local admin compromised ... Subject: SV: Password management WAS: local admin compromised ... Otherwise I agree with the sentiment that passwords should be protected ... >local Admin accounts do not share their passwords with any ... (Focus-Microsoft) Re: Password applications ... But because the passwords are actually stored using the Keychain, ... The whole point of password management is that you don't need to remember ... and that has phone home functions. ... (comp.sys.mac.apps)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint