Security Basics mailing list archives
Re: user default password checking tool
From: krymson () gmail com
Date: 19 Sep 2006 15:12:27 -0000
In additon to what other posters have said, I would suggest not doing your passwords the same every time. You may need the user's password when you build and configure the system, but once you hand over the system and account to the user, you should change the password to something else that does not fit some scheme. Over time as people join your company and see what goes on, they can guess passwords of other new users and possibly utilize that access. In fact, it only takes one data set to guess your username/password scheme. For instance, if you always do [initial][initial]123, I can guess every new user account you make, especially if new employees are announced somewhere. At least vary the last three digits every time, especially if your account creation and hand-off to users is a manual process. If you have a password complexity policy, not following your own policy will look bad to new employees. Add a special character at the end. :) --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: user default password checking tool, (continued)
- Re: user default password checking tool PCSC Information Services (Sep 18)
- Re: user default password checking tool Josh Parker (Sep 22)
- Re: user default password checking tool Alexander Bolante (Sep 25)
- Re: user default password checking tool Terry Lowery (Sep 26)
- Re: user default password checking tool Machiavel (Sep 27)
- Re: user default password checking tool Terry Lowery (Sep 27)
- Re: user default password checking tool Alexander Bolante (Sep 25)
- Re: user default password checking tool Mario A. Spinthiras (Sep 25)
- Re: user default password checking tool Ahmouda (Sep 29)