Educause Security Discussion mailing list archives

Re: Password Cracking & Consequences

From: Scott Weeks <sweeks () SANDIEGO EDU>
Date: Thu, 26 Aug 2004 14:10:20 -0700

scott


On Thu, 26 Aug 2004, Sweeny, Jonny wrote:

:  Do IT departments commonly try to crack their users' passwords?
:
:  That's surprising/scary news to me...


It shouldn't be scary.  You want to do it before the hackers do it and
believe me they are.  In another place, we ran lc4
(http://www.atstake.com/products/lc/) against a domain controller with 500
accounts and had over 250 in one minute and four seconds!  20 of the
passwords were "password" and another 10-15 were "welcome"!  Users like
these need a LART...  >:-)

scott



:
:  ~Jonny
:
:  -----Original Message-----
:  From: The EDUCAUSE Security Discussion Group Listserv
:  [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Brooks
:  Sent: Thursday, August 26, 2004 3:01 PM
:  To: SECURITY () LISTSERV EDUCAUSE EDU
:  Subject: [SECURITY] Password Cracking & Consequences
:
:  We are looking for any advice on the consequences other institutions
:  impose
:  on faculty and staff when their password is cracked by IT.  For
:  instance, is
:  it a zero-tolerance system where your password is automatically reset
:  and
:  you must show up at the Helpdesk to have it reset?  Or, is it a
:  graduated
:  series of consequences, a la "Three Strikes and You're Out,"  e.g.,
:  disciplinary action, network restrictions, etc.  Any other
:  configurations?
:
:  Anything anyone could provide would be helpful.  Trying not to reinvent
:  the
:  wheel!
:
:  Jason Brooks
:
:  Jason Brooks
:  Information Security Technician
:  Longwood University
:  201 High Street
:  Farmville, VA 23909
:  (434) 395-2034
:  mailto:brooksje () longwood edu
:
:  **********
:  Participation and subscription information for this EDUCAUSE Discussion
:  Group discussion list can be found at http://www.educause.edu/cg/.
:
:  **********
:  Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
:

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Password Cracking & Consequences Jason Brooks (Aug 26)
- <Possible follow-ups>
- Re: Password Cracking & Consequences Sweeny, Jonny (Aug 26)
- Re: Password Cracking & Consequences CAROLE CARMODY (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences James Riden (Aug 26)
- Re: Password Cracking & Consequences Melissa Guenther (Aug 26)
- Re: Password Cracking & Consequences Scott Weeks (Aug 26)
- Re: Password Cracking & Consequences Alan Amesbury (Aug 26)
- Re: Password Cracking & Consequences Jason Richardson (Aug 26)
- Re: Password Cracking & Consequences Jeff Giacobbe (Aug 26)
- Re: Password Cracking & Consequences Geoff Nathan (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Stephen Bernard (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Eric Pancer (Aug 26)
- Re: Password Cracking & Consequences Ken Shaurette (Aug 26)

(Thread continues...)