Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Scott Weeks <sweeks () SANDIEGO EDU>
Date: Thu, 26 Aug 2004 14:10:20 -0700
scott On Thu, 26 Aug 2004, Sweeny, Jonny wrote: : Do IT departments commonly try to crack their users' passwords? : : That's surprising/scary news to me... It shouldn't be scary. You want to do it before the hackers do it and believe me they are. In another place, we ran lc4 (http://www.atstake.com/products/lc/) against a domain controller with 500 accounts and had over 250 in one minute and four seconds! 20 of the passwords were "password" and another 10-15 were "welcome"! Users like these need a LART... >:-) scott : : ~Jonny : : -----Original Message----- : From: The EDUCAUSE Security Discussion Group Listserv : [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Brooks : Sent: Thursday, August 26, 2004 3:01 PM : To: SECURITY () LISTSERV EDUCAUSE EDU : Subject: [SECURITY] Password Cracking & Consequences : : We are looking for any advice on the consequences other institutions : impose : on faculty and staff when their password is cracked by IT. For : instance, is : it a zero-tolerance system where your password is automatically reset : and : you must show up at the Helpdesk to have it reset? Or, is it a : graduated : series of consequences, a la "Three Strikes and You're Out," e.g., : disciplinary action, network restrictions, etc. Any other : configurations? : : Anything anyone could provide would be helpful. Trying not to reinvent : the : wheel! : : Jason Brooks : : Jason Brooks : Information Security Technician : Longwood University : 201 High Street : Farmville, VA 23909 : (434) 395-2034 : mailto:brooksje () longwood edu : : ********** : Participation and subscription information for this EDUCAUSE Discussion : Group discussion list can be found at http://www.educause.edu/cg/. : : ********** : Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. : ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Password Cracking & Consequences Jason Brooks (Aug 26)
- <Possible follow-ups>
- Re: Password Cracking & Consequences Sweeny, Jonny (Aug 26)
- Re: Password Cracking & Consequences CAROLE CARMODY (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences James Riden (Aug 26)
- Re: Password Cracking & Consequences Melissa Guenther (Aug 26)
- Re: Password Cracking & Consequences Scott Weeks (Aug 26)
- Re: Password Cracking & Consequences Alan Amesbury (Aug 26)
- Re: Password Cracking & Consequences Jason Richardson (Aug 26)
- Re: Password Cracking & Consequences Jeff Giacobbe (Aug 26)
- Re: Password Cracking & Consequences Geoff Nathan (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Stephen Bernard (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Eric Pancer (Aug 26)
- Re: Password Cracking & Consequences Ken Shaurette (Aug 26)
(Thread continues...)