Security Basics mailing list archives
Re: User Passwords and security risks
From: Damien Manuel <dm () xyplex org>
Date: Thu, 06 May 2004 19:44:07 +1000
Greetings,It appears that there is a real lack of statistical and informational evidence in this area.
Would anyone be interested in participating in a study to determine the real risks? Would it be worth doing? Anyone interested in helping if it is of value?
Regards, Damien Manuel At 04:59 PM 4/05/2004 -0400, Edward Miller wrote:
Damien, I wish I had some statistics in that area as well, but I haven't come across any. However, here is a little analogy that I have used in Security Awareness training about passwords. I wish I could take credit for creating it because it always gets a good laugh. The best part I think is that every user will remember two or three of these at least: Passwords Are Like Underwear 1. Change yours often. 2. Don't leave it lying around. 3. Don't share yours with anyone else. 4. The longer the better. 5. Be mysterious. Ed Miller
>Damien Manuel <dm () xyplex org> To: security-basics () securityfocus com
cc:
>05/03/2004 04:41 Subject: User Passwords and security risks
AM
>
Greetings, Does anyone have any statistics or raw data on the risks associated with user based passwords in terms of the frequency of easily guessable passwords and how different password policies and user education affects the outcome? Regards, Damien Manuel, CISSP. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- User Passwords and security risks Damien Manuel (May 03)
- <Possible follow-ups>
- Re: User Passwords and security risks tod (May 04)
- Re: User Passwords and security risks Edward Miller (May 06)
- Re: User Passwords and security risks Damien Manuel (May 06)
- Message not available
- RE: User Passwords and security risks damien (May 07)
- Re: User Passwords and security risks Damien Manuel (May 06)