Re: remote desktop issues


"DevilsPGD" <spam_narf_spam@xxxxxxxxxxxx> wrote in message
news:upilf3pl2lf9q9l5vtnuh6cl2kouv3j82m@xxxxxxxxxx
In message <OK5dAVCAIHA.5328@xxxxxxxxxxxxxxxxxxxx> "S. Pidgorny <MVP>"
<slavickp@xxxxxxxxx> wrote:

G'day:

"DevilsPGD" <spam_narf_spam@xxxxxxxxxxxx> wrote in message

How unfortunate. Firewalls are certainly mandatory, but I am a firm
believer that password complexity and lockout rules cause far more harm
then good.

Unfortunately, arguing with folks who are true believers is usually
pointless as they are unwilling to consider alternate possibilities.

You happen to be even more radical in your views than I am.... What's
wrong
with the password complexity rules?

In general, people create stupid passwords. Complexity rules make this
worse, not better.

Turn on a requirement to have a number, they add a number to the end,
usually a zero or a one.

Turn on a requirement to add a punctuation, 99% of users add a "!" to
the end.

A capital letter? That's usually the first letter.

So here's the thing, what's more secure, eight letters in a row, or six
letters, a single digit and single punctuation mark?

Is a password with an incrementing digit on the end any more secure then
a password without an incrementing digit?

I'd take a sufficient passphrase over complexity rules.

I'd guess we all agree that there are significant problems with account
lockout. My own view on password complexity is that if everyone created
passwords that appeared to be truly random, that would be the most secure.
Trouble is, as DevilsPGD says, the "rules" imposed often become,
effectively, templates to simplify the task of guessing passwords.
Conversely, with no complexity, you still get passwords that are not
complex, or that follow the "elephant1", "elephant2" approach.

/Al


.