Re: Password Quality checker

[Johnny Wong <johnnywkm () gmail com>]

Hello Nic,

Thanks for the reply. I was looking for a tool for users to check 
whether the passwords they choose meet the organization's policy. Not 
a tool to test the strength of the existing passwords. Most likely a 
web portal for them to enter the "potential" password, and the portal 
will determine whether it meets the standards.

Rgds,
JW

At 08:48 AM 26/12/2006, Nic Stevens wrote:
> You cannot check the quality of "Unix/Linux" passwords as it's a 
> one-way encryption so it must be done at the time the user (or 
> admin) sets the password. With PAM based authentication on *nix 
> there are ways of enforcing stronger passwords standards than the default.
> As far as Windows goes I have no experience with security.
>
> -Nic
>
>
> Johnny Wong wrote:
> > Hello all,
> >
> > I was wondering if your organization deploys any password quality 
> > checking tool to help users select policy-compliant passwords? Be 
> > it web-based or client based. I am thinking what type of 
> > requirements do you use to select such tools, and what are the 
> > examples out there?
> >
> > My thoughts:
> > 1) It should not store the user's passwords (be it pass or fail)
> > 2) It should be able to handle complexity rules (or align with Windows GPO)
> > 3) It should also work with Unix/Linux passwords
> >
> > Thanks,
> > JW
>
>
> --
> Captiain! We've been hit. The only damage so far is the self-destruct
> mechanism which, apparently has destroyed itself.