Security Basics mailing list archives
Re: User Passwords and security risks
From: Edward Miller <EMiller () tax state va us>
Date: Tue, 4 May 2004 16:59:06 -0400
Damien, I wish I had some statistics in that area as well, but I haven't
come across any. However, here is a little analogy that I have used in
Security Awareness training about passwords. I wish I could take credit for
creating it because it always gets a good laugh. The best part I think is
that every user will remember two or three of these at least:
Passwords Are Like Underwear
1. Change yours often.
2. Don't leave it lying around.
3. Don't share yours with anyone else.
4. The longer the better.
5. Be mysterious.
Ed Miller
Damien Manuel
<dm () xyplex org> To: security-basics () securityfocus com
cc:
05/03/2004 04:41 Subject: User Passwords and security risks
AM
Greetings,
Does anyone have any statistics or raw data on the risks associated with
user based passwords in terms of the frequency of easily guessable
passwords and how different password policies and user education affects
the outcome?
Regards,
Damien Manuel, CISSP.
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- User Passwords and security risks Damien Manuel (May 03)
- <Possible follow-ups>
- Re: User Passwords and security risks tod (May 04)
- Re: User Passwords and security risks Edward Miller (May 06)
- Re: User Passwords and security risks Damien Manuel (May 06)
- Message not available
- RE: User Passwords and security risks damien (May 07)
- Re: User Passwords and security risks Damien Manuel (May 06)