Re: remote desktop issues

In message <eDw1I6LAIHA.2268@xxxxxxxxxxxxxxxxxxxx> "Al Dunbar"
<AlanDrub@xxxxxxxxxxxxxxxxxxx> wrote:

I'd guess we all agree that there are significant problems with account
lockout. My own view on password complexity is that if everyone created
passwords that appeared to be truly random, that would be the most secure.
Trouble is, as DevilsPGD says, the "rules" imposed often become,
effectively, templates to simplify the task of guessing passwords.
Conversely, with no complexity, you still get passwords that are not
complex, or that follow the "elephant1", "elephant2" approach.

Length is an issue too. I'd put money down that
"heylookihaveasecurepassword" would outlast any "strong" 8 character
password.

Plus, people have a chance at remembering passphrases (And can
stickynote the topic of the phrase to the monitor), whereas getting most
users to memorize a randomly generated strong password over 4 characters
will pretty much always involve a sticky note.

--
You can get more with a kind word and a 2x4 than just a kind word.
.

Relevant Pages

  • Re: Unable to create user
    ... secure your network. ... Having said that to disable password complexity make ... The password does not meet the password policy requirements. ...
    (microsoft.public.windows.group_policy)
  • Re: remote desktop issues
    ... believer that password complexity and lockout rules cause far more harm ... arguing with folks who are true believers is usually ... Is a password with an incrementing digit on the end any more secure then ... You can get more with a kind word and a 2x4 than just a kind word. ...
    (microsoft.public.windows.server.security)
  • Re: Remote desktop security bugs ..............................?
    ... changing the standard port of 3389 to something else, ... making it more secure. ... > I agree with WimvV, and recommend logging, lockouts and password complexity. ...
    (microsoft.public.windowsxp.work_remotely)