Security Basics mailing list archives
RE: Password Management
From: cv arun <cv.arun () yahoo com>
Date: Mon, 24 Apr 2006 22:16:22 -0700 (PDT)
Hi, Microsoft recently released a link to help you choose "good passwords" http://www.microsoft.com/athome/security/privacy/password_checker.mspx Regs Arun Paladion Networks --- Christopher Carpenter <ccarpenter () dswa net> wrote:
That's patently false. The longer the password, the better it will hold up against brute force attacks. Length and complexity also provide a measure of protection against those using rainbow tables. Rainbow Tables (Wikipedia) http://en.wikipedia.org/wiki/Rainbow_table Password Recovery Speeds (Lockdown.co.uk)
http://www.thecrypt.co.uk/lockdown/recovery_speeds.html
Chris -----Original Message----- From: Jason T. Hallahan [mailto:jthallah () gmail com] Sent: Friday, April 21, 2006 10:54 AM To: Crawley, Jim Cc: security-basics () securityfocus com Subject: Re: Password Management I read somewhere that the optimal password length for a Windows system is actually 7 alphanumeric characters... can anyone verify or expand on that? On 4/20/06, Crawley, Jim <Jim.Crawley () yrbrands com> wrote:Post-it notes on the monitor. Really though, it's all pretty straightforward. Minimum 6-8characters, no maximum (try to encouragepass-phrases as they're easierto remember and harder to guess than simplewords), complexity(combination of alphanumeric characters), 60 dayexpiration, 5-20password history. No exceptions. None, at all.Nill. Nada. Zip.Most programs/systems there's not much youcan do about thestorage of the passwords in the system itself, butif you're talkingabout end-users then your biggest worry will bewhat I said in my firstline. The best way to avoid this is probably totry to integrate asmany systems as you can to use the same accounts. Right now we're working on getting all ourin-house andsupplier-built systems working off our ActiveDirectory accounts pullingthe passwords via Kerberos from our domaincontrollers. This howeverwill also cause the issue of one system beingcompromised and they allget compromised. It's a risk/benefit write-offthing - we think therisk is worth it as the other option IS thedreaded post-it notes.-----Original Message----- From: Securi Net [mailto:securinet2004 () yahoo ca] Sent: Friday, 21 April 2006 2:44 AM To: security-basics () securityfocus com Subject: Password Management Hello list members, Does anyone know of any password managementstandards that are outthere? I am looking at drafting an Enterprise widestrategy for managingpasswords, which should encompass change,exceptions to change, passwordstorage security, secure practices, categorizationof accounts, etc.What I am trying to accomplish is to give a robustand resilientstructure to all the best practices out therearound passwordmanagement. I don't expect to find a silver bullet, but wouldwelcome any feedback.Regards CP __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spamprotection aroundhttp://mail.yahoo.com
------------------------------------------------------------------------
- This List Sponsored by: Webroot Don't leave your confidential company and customerrecords un-protected.Try Webroot's Spy Sweeper Enterprise(TM) for 30days for FREE with noobligation. See why so many companies trust SpySweeper Enterprise toeradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--
------------------------------------------------------------------------
-This List Sponsored by: Webroot Don't leave your confidential company and customerrecords un-protected.Try Webroot's Spy Sweeper Enterprise(TM) for 30days for FREE with noobligation. See why so many companies trust SpySweeper Enterprise toeradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--
------------------------------------------------------------------------
- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--
-------------------------------------------------------------------------
This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Re: Password Management, (continued)
- Re: Password Management Turk (Apr 24)
- Re: Password Management Micheal Espinola Jr (Apr 24)
- RE: Password Management Lorteau Clement (Apr 21)
- Re: Password Management nightwatchman (Apr 21)
- Re: Password Management Bill Cullen (Apr 24)
- Re: Password Management Alexander Bolante (Apr 24)
- Re: Password Management l00t3r (Apr 24)
- RE: Password Management Christopher Carpenter (Apr 24)
- Re: Password Management Stephen John Smoogen (Apr 24)
- RE: Password Management Donald N Kenepp (Apr 25)
- RE: Password Management cv arun (Apr 25)
- Re: Password Management Ansgar -59cobalt- Wiechers (Apr 26)
- RE: Password Management Utz, Ralph (Apr 24)
- Re: Password Management James Harless (Apr 24)
- Re: Password Management James Harless (Apr 24)
- Re: Password Management Derek Schaible (Apr 25)
- Re : Password Management frrrwww-ml (Apr 25)
- RE: Password Management Beauford, Jason (Apr 24)
- Re: Password Management PCSC Information Services (Apr 24)
- RE: Password Management Steve Armstrong (Apr 25)
- RE: Password Management Utz, Ralph (Apr 25)