Security Basics mailing list archives
Re: Password Management
From: nightwatchman () comcast net
Date: 21 Apr 2006 18:13:45 -0000
Passwords should: 1.) change every 90 days 2.) contain atleast a combination of 3 classes of characters i.e. one or more uppercase, lowercase, non alpha numeric, and numeric. 3.) not be the same as the person's name, address or birthday or easily guessed from a person's personal information. 4.) not be written down. 5.) difficult to guess but easy to remember - phrases with substituted character classes seem to be easy to remember and work best for this. 6.) should not be stored unencrypted 7.) centrally managed in an authentication system. 8.) they shouldnt be shared with other users. Service accounts ofcourse aren't subject to the 90 day limit. ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Re: PenTest Checklist, (continued)
- Re: PenTest Checklist Rodrigo Buarque Ramos (Apr 24)
- RE: PenTest Checklist Carl Davis (Apr 26)
- RE: Password Management Chandra, Sharath V Ctr SAF/FMPT (Apr 21)
- RE: Password Management Andrew Williams (Apr 21)
- RE: Password Management Crawley, Jim (Apr 21)
- Re: Password Management Jason T. Hallahan (Apr 21)
- Re: Password Management Kelly Martin (Apr 21)
- Re: Password Management Turk (Apr 24)
- Re: Password Management Micheal Espinola Jr (Apr 24)
- Re: Password Management Jason T. Hallahan (Apr 21)
- RE: Password Management Lorteau Clement (Apr 21)
- Re: Password Management nightwatchman (Apr 21)
- Re: Password Management Bill Cullen (Apr 24)
- Re: Password Management Alexander Bolante (Apr 24)
- Re: Password Management l00t3r (Apr 24)
- RE: Password Management Christopher Carpenter (Apr 24)
- Re: Password Management Stephen John Smoogen (Apr 24)
- RE: Password Management Donald N Kenepp (Apr 25)
- RE: Password Management cv arun (Apr 25)
- Re: Password Management Ansgar -59cobalt- Wiechers (Apr 26)
- RE: Password Management Utz, Ralph (Apr 24)
- Re: Password Management James Harless (Apr 24)