Educause Security Discussion mailing list archives
Re: Brute force credentials protection
From: "Maud, Phil" <P.H.Maud () CRANFIELD AC UK>
Date: Tue, 5 Mar 2019 11:18:29 +0000
This makes interesting reading https://ravingroo.com/295/active-directory-account-lockout-policy-threshold-counter-strong-password/ Regards Phil Maud Information Security Analyst Information Services, Building 63 (IT) G7 E: P.H.Maud () cranfield ac uk T: +44 (0) 1234 75 4879 -----Original Message----- From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mike Dronen Sent: 04 March 2019 20:04 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Brute force credentials protection All - Looks like it's been a while since this topic has come up in the forum. I'm wondering how you protect against brute force password attempts, i.e. two-factor auth. In our environment we set an attribute in AD to lock the user account for a prescribed period of time after four failed attempts. This appears to work for us. Just wondering if there are other mechanisms just as good or better? Thanks.
Current thread:
- Brute force credentials protection Mike Dronen (Mar 04)
- Re: Brute force credentials protection Maud, Phil (Mar 05)
- Re: Brute force credentials protection Laverty, Patrick (Mar 05)
- Re: Brute force credentials protection Dexter Caldwell (Mar 05)
- <Possible follow-ups>
- Re: Brute force credentials protection Mike Dronen (Mar 05)
- Re: Brute force credentials protection randy (Mar 05)
- Re: Brute force credentials protection Brad Judy (Mar 05)
- Re: Brute force credentials protection Tom Horton (Mar 05)
- Re: Brute force credentials protection Greg Williams (Mar 06)
- Re: Brute force credentials protection randy (Mar 05)
- Re: Brute force credentials protection Francisco Chavez (Mar 05)
- Re: Brute force credentials protection Maud, Phil (Mar 05)