Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Thu, 26 Aug 2004 17:18:23 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ron Parker wrote on Thu, 2004-08-26 at 17:07:32 -0500...
From a network security standpoint, this seems like pretty standard countermeasures to me. I consider this to be the network security equivalent of physical campus security rattling doorknobs at night to see if the door is locked. A poor password is an unlocked door.
I would beg to differ slightly. A poor password is more like a easily-pickable lock. Sure, this is just a different wording, but I would hold the locksmith slightly responsible for putting an easily-picked lock in place to protect a bank. Likewise, I would place some responsibility on the system administrators who do not configure password guidelines. As much as I don't like Microsoft products, they do offer fairly decent password guidelines and enforcement tools. These are easy to use, but *do* require some user education detailing *how* to choose a ``good'' password. - -- Eric Pancer :.: Computer Security Response Team :.: DePaul University http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3 -----BEGIN PGP SIGNATURE----- iQEVAwUBQS5hoxg79iScdnghAQIT5wgAxVuG64PLQGwfqMh49t3VUNrskBrNTLdT cyECandoultCdT/y7tQyp4FxrZQqIEuypASC2KsUPPeIfRZ3OVHiMLKJSEoPvXyD +lEEDSFkrI9AsAIfwmMlbcFEsu7FFTZLuxasaWtszpAXHzBDYenwSeNNdnVi3DSj VBgsBhV/W8bZyTfSntc/zOMQM6zj4mNG2XQjgXr0wxg7RMk6Tl3EyHAomRcuHIFs ZNd1KU8Pw8hhZbvsZx+DM5uVXRwdvAHHkzS7LezJDayzX+gCvy9v69MNYC5slNz+ mVlkzHvHdFK1rcvDFQD3lVKSwaPU4T78hkBDeKukvDEBA2+bUIimtA== =yKzS -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Melissa Guenther (Aug 26)
- Re: Password Cracking & Consequences Scott Weeks (Aug 26)
- Re: Password Cracking & Consequences Alan Amesbury (Aug 26)
- Re: Password Cracking & Consequences Jason Richardson (Aug 26)
- Re: Password Cracking & Consequences Jeff Giacobbe (Aug 26)
- Re: Password Cracking & Consequences Geoff Nathan (Aug 26)
- Re: Password Cracking & Consequences Lucas, Bryan (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Stephen Bernard (Aug 26)
- Re: Password Cracking & Consequences Ron Parker (Aug 26)
- Re: Password Cracking & Consequences Eric Pancer (Aug 26)
- Re: Password Cracking & Consequences Ken Shaurette (Aug 26)
- Re: Password Cracking & Consequences Wayne J. Hauber (Aug 26)
- Re: Password Cracking & Consequences Scott Bradner (Aug 26)
- Re: Password Cracking & Consequences Scott Weeks (Aug 26)
- Re: Password Cracking & Consequences James Riden (Aug 26)
- Re: Password Cracking & Consequences Scott Bradner (Aug 26)
- Re: Password Cracking & Consequences Scott Bradner (Aug 26)
- Re: Password Cracking & Consequences James Riden (Aug 26)
- Re: Password Cracking & Consequences Michael Mills (Aug 26)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
(Thread continues...)