Security Basics mailing list archives
Re: Password Storage
From: "Needs More Longcat" <rev.ka.fox () gmail com>
Date: Wed, 2 Aug 2006 10:20:20 -0700
On 2 Aug 2006 11:36:21 -0000, c.brace () lamp ac uk <c.brace () lamp ac uk> wrote:
Doug, it all depends on the strength of the passwords that you are using. It's a fine balance between providing passwords that are strong enough to be effective and simple enough to be remembered by your users.
I'm not sure where you are going with this. The idea is "do we keep passwords on file?" & more importantly, "How?"
No matter how simple your passwords are, you will have some users who will insist on writing their passwords down somewhere (check desks, under keyboards, in their top drawer, on their whiteboard, in the pile of Post-it notes stuck to the side of their monitor). Let's face it, the only way that we are going to stop some users from writing them down is to cut off their hands.
The reason so many write information like this down is due to remembering (whether you "can't" or "won't" is another issue). If a user chooses not to write down their password, and still forgets, issuing a new password doesn't work for all scenarios. Not to rehash the aforementioned, comatose admin scenario, but the problem is real.
Probably the best thing to do is to escalate the privileges for their accounts as and when they are required. (OK, this is slightly more admin work, but having those servers constantly available sounds like a bad idea.)
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
-- "A word to the wise ain't necessary - it's the stupid ones that need the advice."