Firewall Wizards mailing list archives
Re: Stanford break in
From: m () pavis biodec com
Date: Wed, 28 Apr 2004 12:51:49 +0200
* Bennett Todd (bet () rahul net) [040425 01:25]:
> Other than that, frequent mandatory password changes are detrimental to security. Better to have the password-changing tool use cracklib, and offer good random passwords to users who are willing to use them, and let them keep using them long enough to amortize the higher cost of learning them.

Somewhere, sometimes, you have to. In Italy there is a law (T.U. 196/03) that mandates that in certain situations, which, by the way, are not so rare, you have to periodically change passwords on systems. The period could be as low as three to six months:

``5. The password, when provided for by the authentication system, consists of at least eight characters or, if the electronic instrument does not allow it, of a number of characters equal to the maximum permitted; it contains no references easily traceable to the person in charge and is changed by that person at first use and, thereafter, at least every six months. In the case of processing of sensitive data and judicial data, the password is changed at least every three months.''

from ``Allegato B - Disciplinare tecnico in materia di misure minime di sicurezza'' of the above mentioned law.

In summary, it says that passwords must be at least eight characters long, or the maximum allowed by the system, must not be easy to guess and must be changed every six months, or every three months if the data belong to a special category.

In these cases trying to build an effective password policy is necessary, since it is mandated by law.

--
finelli
Linux: Friends don't let friends use Piccolosoffice
There is nothing wrong with writing ... as long as it is done in private and you wash your hands afterward.