Educause Security Discussion mailing list archives
Re: Please do not change your password
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Thu, 15 Apr 2010 22:56:17 -0500
Points for going over 14 characters and forcing the password over the old NTLM hash algorithm.
-jml
-----Original Message-----
From: Eric Case
Sent: 2010-04-15 21:19:17
To: Eric Case;The EDUCAUSE Security Constituent Group Listserv
Cc:
Subject: Re: [SECURITY] Please do not change your password
Yeah, for New York Giants I would suggest something like:
BigCity Tall boys
17 characters and 3 classes
old white midgets win by one point
34 characters and 2 classes
old white midgets win by 1 point
32 characters and 3 classes
old white midgets win by 1,000 points
37 characters and 4 classes
(for those that want complexity)
November Yankee Giants
22 characters and 3 classes
-Eric
Eric Case, CISSP
eric (at) ericcase (dot) com
http://www.linkedin.com/in/ericcase
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Keller
Sent: Thursday, April 15, 2010 3:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Please do not change your password
re: Now apply the rules which were discussed and you come up with something like:
Ny_G1@nts
I used to recommend this same technique until I discovered that many of the more modern hybrid dictionary/brute force
password guessing tools can be easily configured to check for common obfuscation substitutions: @ for a, 1 for i, 3 for
e, $ for s, etc.
best,
alex
--
Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu
On 4/15/2010 10:46 AM, Don Cochran wrote:
In our course we teach the learner to choose an easy to remember, but hard to guess password and suggest that a
password such as your favorite football team would be a good choice.
We then teach them how to apply a couple easy to follow rules….after discussing and showing them an example.
Ex: New York Giants…pretty easy to remember, huh?
Now apply the rules which were discussed and you come up with something like:
Ny_G1@nts
At least 8 characters long, and a mix of cap and non-cap letters, numbers and special characters.
Don Cochran
Director, Business Development
SCIPP International
1964 Gallows Road, Suite 320
Vienna, Virginia 22182
United States of America
+1 703.637.4422 (Direct)
+1 703.599-0666 (Cell)
+1 703. 637-4371 (Fax)
www.SCIPPinternational.org
"The Security Awareness Certification Company"
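The two checks discussed in this thread, as an added example that is not part of any list member's message: counting length and character classes as in the passphrase list, and undoing the substitutions named above (@ for a, 1 for i, 3 for e, $ for s) before a deny-list lookup at password-set time. The function names, the tiny word list, and the choice to count a space as its own class (which reproduces the counts quoted above) are assumptions.

```python
import string

# Substitutions named in the thread: @ for a, 1 for i, 3 for e, $ for s.
UNDO_SUBSTITUTIONS = str.maketrans({"@": "a", "1": "i", "3": "e", "$": "s"})

# Constructed sample deny-list; a real deployment would load a full dictionary.
WORDLIST = {"giants", "yankee", "password"}


def char_classes(pw):
    """Return the set of character classes present in pw.
    Assumption: a space is its own class, separate from punctuation."""
    found = set()
    for c in pw:
        if c.isupper():
            found.add("upper")
        elif c.islower():
            found.add("lower")
        elif c.isdigit():
            found.add("digit")
        elif c == " ":
            found.add("space")
        elif c in string.punctuation:
            found.add("punct")
    return found


def profile(pw):
    """Return (length, number of character classes)."""
    return len(pw), len(char_classes(pw))


def dictionary_hits(pw, wordlist=WORDLIST):
    """Undo the substitutions, drop non-letters, and list deny-list words found."""
    undone = pw.translate(UNDO_SUBSTITUTIONS).lower()
    base = "".join(c for c in undone if c.isalpha())
    return sorted(w for w in wordlist if w in base)


def screen(pw):
    """Apply the composition rule from the thread (at least 8 characters, with
    capitals, lower case, numbers and special characters) plus the deny-list check."""
    rule = len(pw) >= 8 and {"upper", "lower", "digit", "punct"} <= char_classes(pw)
    hits = dictionary_hits(pw)
    return {"meets_composition_rule": rule, "dictionary_hits": hits,
            "accept": rule and not hits}
```

`screen("Ny_G1@nts")` passes the composition rule yet is rejected, because the normalised form contains a deny-listed word.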
