Educause Security Discussion mailing list archives

Re: Password Cracking & Consequences


From: "Davis, Thomas R." <tdavis () IU EDU>
Date: Fri, 27 Aug 2004 14:05:40 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Mills
Sent: Friday, August 27, 2004 1:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Cracking & Consequences


IT staff knowingly cracking passwords is not a good practice.  
 
I hesitate to respond because this thread could go on for days, but
here I go!  ;-)

Whether or not password cracking by the good guys is a good practice
will vary based on circumstances IMHO.  For example, if you don't
have password expiration set for your accounts (that's another can of
worms), it might be nice to take a look at those stale passwords. 
What constitutes a good password changes over time.

This topic is akin to the debate over ethical hacking.

- -- 
Tom Davis, Information Technology Security Officer, CISSP, CISM
Office of the VP for Information Technology, Indiana University
PGP key or S/MIME certificate: https://www.itso.iu.edu/staff/tdavis/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQS+F5XMQ7XQGtBENEQJbwgCghJ6nJtMX/KotaoUuXCaYWD9es3cAn0yS
fXtLnHw+/+mg96I7cUf4ag77
=pcj0
-----END PGP SIGNATURE-----

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
