Educause Security Discussion mailing list archives
Re: Measures of detecting breached email accounts
From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Sat, 9 Dec 2017 03:34:50 -0500
On Fri, 08 Dec 2017 14:14:23 -0800, Joseph Tam said:
In another scenario, s student shoulder surfs an office staff members, gets a rough idea of keyboard location of the password, then tries variations from your local WiFi. That's tough, and I concede if you investigated that, it could have caught the student. However, as I pointed out, the problem is differentiating this from the 100x more likely scenario that someone fat fingered their password.
Note that this can be distinguished from "somebody forgot to update the saved password" because a student trying different passwords won't be issuing the attempts every 5 minutes on the nose. Similarly, most "trying a variant on a broken password software" won't spread the attempts out and try a new variant every 5 minutes, because that ends up lowering the success rate. So you can distinguish both those cases from "forgot to update password". And if somebody *does* have a legit reader that *does* start looping and hammering on one password every millisecond when it fails to authenticate, and as a result looks like a password cracker, you *still* want to know about it, just so you can tell the user to update his damned software so it's not bogging down your LDAP (or whatever) infrastructure.
Attachment:
_bin
Description:
Current thread:
- Re: Measures of detecting breached email accounts, (continued)
- Re: Measures of detecting breached email accounts Frank Barton (Dec 05)
- Re: Measures of detecting breached email accounts Keenan Martinez (Dec 06)
- Re: Measures of detecting breached email accounts Kevin Crider (Dec 07)
- Re: Measures of detecting breached email accounts Keenan Martinez (Dec 05)
- Re: Measures of detecting breached email accounts Keenan Martinez (Dec 06)
- Re: Measures of detecting breached email accounts Valdis Kletnieks (Dec 06)
- Re: Measures of detecting breached email accounts Valdis Kletnieks (Dec 07)
- Re: Measures of detecting breached email accounts Valdis Kletnieks (Dec 09)