Educause Security Discussion mailing list archives
Re: Please do not change your password
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Thu, 15 Apr 2010 19:18:23 -0700
Yeah, for New York Giants I would suggest something like:

BigCity Tall boys: 17 characters and 3 classes
old white midgets win by one point: 34 characters and 2 classes
old white midgets win by 1 point: 32 characters and 3 classes
old white midgets win by 1,000 points: 37 characters and 4 classes (for those that want complexity)
November Yankee Giants: 22 characters and 3 classes

-Eric

Eric Case, CISSP
eric (at) ericcase (dot) com
http://www.linkedin.com/in/ericcase

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Keller
Sent: Thursday, April 15, 2010 3:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Please do not change your password

re: Now apply the rules which were discussed and you come up with something like: Ny_G1@nts

I used to recommend this same technique until I discovered that many of the more modern hybrid dictionary/brute force password guessing tools can be easily configured to check for common obfuscation substitutions: @ for a, 1 for i, 3 for e, $ for s, etc.

best,
alex

--
Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153
Phone: (415)338-6117
Email: alkeller () sfsu edu

On 4/15/2010 10:46 AM, Don Cochran wrote:

In our course we teach the learner to choose an easy to remember, but hard to guess password and suggest that a password such as your favorite football team would be a good choice. We then teach them how to apply a couple easy to follow rules….after discussing and showing them an example.

Ex: New York Giants…pretty easy to remember, huh?

Now apply the rules which were discussed and you come up with something like: Ny_G1@nts

At least 8 characters long, and a mix of cap and non-cap letters, numbers and special characters.

Don Cochran
Director, Business Development
SCIPP International
1964 Gallows Road, Suite 320
Vienna, Virginia 22182
United States of America
+1 703.637.4422 (Direct)
+1 703.599-0666 (Cell)
+1 703.637-4371 (Fax)
www.SCIPPinternational.org
SCIPP International "The Security Awareness Certification Company"
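
Added example, not part of any message in this thread: a password-policy check that undoes the substitutions Alex Keller lists before looking for dictionary words, and reports length and character classes the way Eric Case counts them. The function names and the small wordlist are constructed for illustration, and treating a space as its own class is an assumption made to match the counts quoted above.

```python
import string

# Substitutions named in the thread: @ for a, 1 for i, 3 for e, $ for s.
SUBSTITUTIONS = str.maketrans({"@": "a", "1": "i", "3": "e", "$": "s"})

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDLIST = {"giants", "yankee", "november", "midgets"}


def deobfuscate(password):
    """Lowercase, undo the common substitutions, and drop anything that is not a letter."""
    normalized = password.lower().translate(SUBSTITUTIONS)
    return "".join(ch for ch in normalized if ch.isalpha())


def dictionary_hits(password, wordlist=WORDLIST):
    """Return the wordlist entries still visible after de-obfuscation, sorted."""
    plain = deobfuscate(password)
    return sorted(word for word in wordlist if word in plain)


def char_classes(password):
    """Count classes present: lower, upper, digit, space, punctuation.

    Treating space as its own class is an assumption chosen to match
    the class counts quoted in the thread.
    """
    tests = (str.islower, str.isupper, str.isdigit, str.isspace,
             lambda ch: ch in string.punctuation)
    return sum(any(test(ch) for ch in password) for test in tests)


def assess(password):
    """Summarize length, class count and dictionary words that survive obfuscation."""
    return {"length": len(password), "classes": char_classes(password),
            "dictionary_hits": dictionary_hits(password)}


if __name__ == "__main__":
    for candidate in ("Ny_G1@nts", "November Yankee Giants",
                      "old white midgets win by 1,000 points"):
        print(repr(candidate), assess(candidate))
```

Ny_G1@nts reports 4 classes but still yields "giants" after normalization, while the passphrases also contain dictionary words and differ mainly in length.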