Re: remote desktop issues
- From: DevilsPGD <spam_narf_spam@xxxxxxxxxxxx>
- Date: Thu, 27 Sep 2007 10:47:59 -0600
In message <OZ7wNYOAIHA.4164@xxxxxxxxxxxxxxxxxxxx> "S. Pidgorny <MVP>"
<slavickp@xxxxxxxxx> wrote:
Fair enough. The thing is that the requirement of "sufficient" passphrase
_is_ a form of password complexity requirement. Not easily enforced - ask
for 48-character long password, and you'll get a lot of "Paaaa..aaasword1"
as the passwords.
Yeah, true enough. It takes user education as much as anything else.
I'd be interested in requiring passphrases (requiring there to be at
least 5 different dictionary words, for example) as a possible solution
to users creating stupid passwords.
Some users will end up with similar passwords, true enough, but it will
change the scope of brute forcing anything.
My choice is strong authentication, like a smart card. The alternative
(sozialist approach) is to have passwords centrally assigned by Politburo.
What you have, instead of what you know. I'm less thrilled with that,
since it means if I lose the smartcard, access is compromised until I
notice.
If you combine it with a password, we're back to the same problem above
(although obviously we've raised the bar pretty significantly -- I'm not
knocking smartcards, just pointing out that they aren't a replacement
for passwords)
--
You can get more with a kind word and a 2x4 than just a kind word.
.
- References:
- RDP: remote desktop issues
- From: Al Dunbar
- Re: remote desktop issues
- From: Al Dunbar
- Re: remote desktop issues
- From: DevilsPGD
- Re: remote desktop issues
- From: DevilsPGD
- RDP: remote desktop issues
- Prev by Date: Re: remote desktop issues
- Next by Date: Re: NTBU error
- Previous by thread: Re: remote desktop issues
- Next by thread: Re: remote desktop issues
- Index(es):
Relevant Pages
|
