Security Basics mailing list archives
Re: User Passwords and security risks
From: Edward Miller <EMiller () tax state va us>
Date: Tue, 4 May 2004 16:59:06 -0400
Damien, I wish I had some statistics in that area as well, but I haven't come across any. However, here is a little analogy that I have used in Security Awareness training about passwords. I wish I could take credit for creating it because it always gets a good laugh. The best part I think is that every user will remember two or three of these at least: Passwords Are Like Underwear 1. Change yours often. 2. Don't leave it lying around. 3. Don't share yours with anyone else. 4. The longer the better. 5. Be mysterious. Ed Miller Damien Manuel <dm () xyplex org> To: security-basics () securityfocus com cc: 05/03/2004 04:41 Subject: User Passwords and security risks AM Greetings, Does anyone have any statistics or raw data on the risks associated with user based passwords in terms of the frequency of easily guessable passwords and how different password policies and user education affects the outcome? Regards, Damien Manuel, CISSP. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- User Passwords and security risks Damien Manuel (May 03)
- <Possible follow-ups>
- Re: User Passwords and security risks tod (May 04)
- Re: User Passwords and security risks Edward Miller (May 06)
- Re: User Passwords and security risks Damien Manuel (May 06)
- Message not available
- RE: User Passwords and security risks damien (May 07)
- Re: User Passwords and security risks Damien Manuel (May 06)