Security Basics mailing list archives
Re: Security procedure question
From: "Mario A. Spinthiras" <mario () netway com cy>
Date: Wed, 27 Sep 2006 09:17:53 +0300
Saqib Ali wrote:
You might also check out our paper for '02 - "Strong Passwords are an Oxymoron"

I don't buy this. Try using "cryptographically strong but Pronounceable password", and provide an SSO solution to the user. More details at: http://www.xml-dev.com/blog/index.php?action=viewtopic&id=122

Single Sign On is a must if you want to enforce strong password policy....
Good morning Saqib,

That makes two of us. My thoughts exactly!! A requirement for passwords is definitely not if one can pronounce it. I'd feel safer if a user COULD NOT pronounce it. That makes it extra safe for a user not to give it away verbally, but then again it could increase the risk of it being written down. Therefore I suggest a compromise between the two, since end-user stupidity cannot be avoided. No more thoughts on this for now since it's early in the morning and I haven't even had coffee yet. :)
Many Thanks,
Mario A. Spinthiras