Security Basics mailing list archives
Re: Password alternatives
From: Yousef Syed <yousef.syed () gmail com>
Date: Wed, 31 Mar 2010 11:39:31 +0100
Hi Wali, I'd start by sharing this article with your password challenged managers: http://lifehacker.com/5505400/how-id-hack-your-weak-passwords On the next level, I'd institute an I&AM system that permits delegated administration. That way, the PAs and secretaries can be granted access to the managers systems, but they'll be using their own logins. 1. No passwords need to be shared. 2. Complete Audit trail of WHO was actually using the system at the time. I'm sure that there are various legal ramifications to sharing passwords and accessing systems without the account owner's knowledge... If they are still selecting useless passwords, then, give them RSA keys. Regards, ys -- Yousef Syed CISSP http://www.linkedin.com/in/musashi On 26 March 2010 17:18, WALI <hkhasgiwale () gmail com> wrote:
Hi guys The recent attempt to roll out password complexity within our AD domain has not been well recieved by higher / executive management. These guys have a habit of sharing their passwords with their PAs and secretaries and now they are cribbing when they need to change their password every 90 days. What are best and most workable alternatives? Biometrics, RSA tokens? Any thing else which you guys have implemented with relative ease? Pls advise! ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Password management System, (continued)
- Re: Password management System John Morrison (Mar 26)
- Re: Password management System Samantha Fetter (Mar 29)
- Re: Password management System Marc-André Laverdière (Mar 26)
- Password alternatives WALI (Mar 29)
- RE: Password alternatives David Gillett (Mar 30)
- Re: Password alternatives Adam Mooz (Mar 30)
- Message not available
- Fwd: Password alternatives Kurt Buff (Mar 30)
- Re: Password alternatives John Morrison (Mar 30)
- Re: Password alternatives Ansgar Wiechers (Mar 31)
- Re: Password alternatives Brent Gardner (Mar 31)
- Password alternatives WALI (Mar 29)
- Re: Password management System John Morrison (Mar 26)
- Re: Password alternatives Yousef Syed (Mar 31)
- Re: Password management System Lim Hock Leong (Mar 30)