Security Basics mailing list archives
Re: Password Management
From: l00t3r <l00t3r () gmail com>
Date: Mon, 24 Apr 2006 15:13:23 -0400
Bruce Schneier once upon a time wrote in his blogs, as so did Microsoft about writing your passwords down. Articles are below for you to read, summed up it's better to write down "tough" passwords and use multiple ones than to chose one that is easier to remember and use it for multiple systems. http://tinyurl.com/astwh http://tinyurl.com/8tuz3 On 21 Apr 2006 18:13:45 -0000, nightwatchman () comcast net <nightwatchman () comcast net> wrote:
Passwords should: 1.) change every 90 days 2.) contain atleast a combination of 3 classes of characters i.e. one or more uppercase, lowercase, non alpha numeric, and numeric. 3.) not be the same as the person's name, address or birthday or easily guessed from a person's personal information. 4.) not be written down. 5.) difficult to guess but easy to remember - phrases with substituted character classes seem to be easy to remember and work best for this. 6.) should not be stored unencrypted 7.) centrally managed in an authentication system. 8.) they shouldnt be shared with other users. Service accounts ofcourse aren't subject to the 90 day limit. ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- RE: Password Management, (continued)
- RE: Password Management Andrew Williams (Apr 21)
- RE: Password Management Crawley, Jim (Apr 21)
- Re: Password Management Jason T. Hallahan (Apr 21)
- Re: Password Management Kelly Martin (Apr 21)
- Re: Password Management Turk (Apr 24)
- Re: Password Management Micheal Espinola Jr (Apr 24)
- Re: Password Management Jason T. Hallahan (Apr 21)
- RE: Password Management Lorteau Clement (Apr 21)
- Re: Password Management nightwatchman (Apr 21)
- Re: Password Management Bill Cullen (Apr 24)
- Re: Password Management Alexander Bolante (Apr 24)
- Re: Password Management l00t3r (Apr 24)
- RE: Password Management Christopher Carpenter (Apr 24)
- Re: Password Management Stephen John Smoogen (Apr 24)
- RE: Password Management Donald N Kenepp (Apr 25)
- RE: Password Management cv arun (Apr 25)
- Re: Password Management Ansgar -59cobalt- Wiechers (Apr 26)
- RE: Password Management Utz, Ralph (Apr 24)
- Re: Password Management James Harless (Apr 24)
- Re: Password Management James Harless (Apr 24)
- Re: Password Management Derek Schaible (Apr 25)
- Re : Password Management frrrwww-ml (Apr 25)