Firewall Wizards mailing list archives
RE: "Proactive" Password Checking
From: "Anton J Aylward" <anton () the-wire com>
Date: Fri, 5 Nov 1999 12:15:45 -0500
Fred Cohen wrtote the definitive article on this: http://all.net/journal/netsec/9709.html "Change Your Password Doe See Doe" /anton aylward
-----Original Message----- From: Rick Smith Sent: Friday, November 05, 1999 10:41 AM In my experience, if you force people to use complicated, hard to remember passwords, and you force them to change them often, then a nonzero percentage will start writing their passwords down. Given that, you should modify user security policies and procedures to identify relatively safe ways of writing the passwords down. So you have to decide whether the bigger risk is an attack by someone with a password cracker or theft of a piece of paper with someone's password. If you really, really want to have hard to crack passwords and you want to avoid having them in writing, then leave passwords in place for a year or more at a time. That gives people a chance to memorize them. Once memorized, the pieces of paper will start to disappear, reducing the risk of one being found.
Current thread:
- "Proactive" Password Checking Jim Raykowski (Nov 04)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 05)
- Re: "Proactive" Password Checking Bill Pennington (Nov 05)
- Re: "Proactive" Password Checking Stefan Wagner (Nov 05)
- Re: "Proactive" Password Checking Rick Smith (Nov 05)
- Re: "Proactive" Password Checking Alec Muffett (Nov 06)
- RE: "Proactive" Password Checking Anton J Aylward (Nov 06)
- RE: "Proactive" Password Checking Kurt Buff (Nov 06)
- Re: "Proactive" Password Checking Frank O'Dwyer (Nov 18)
- <Possible follow-ups>
- RE: "Proactive" Password Checking Moore, James (Nov 06)
- RE: "Proactive" Password Checking Russ (Nov 06)
- Re: "Proactive" Password Checking REID FOX (Nov 06)
- RE: "Proactive" Password Checking Moore, James (Nov 08)
- RE: "Proactive" Password Checking Russ (Nov 09)
- RE: "Proactive" Password Checking Eric Toll (Nov 10)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 10)
- Re: "Proactive" Password Checking Alec Muffett (Nov 10)
(Thread continues...)