Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Scott Bradner <sob () HARVARD EDU>
Date: Thu, 26 Aug 2004 19:33:29 -0400
what is the threat model that leads to the IT department cracking passwords?

if you make the password file hard to get (i.e. restricted access, if someone can override that you have a rather more basic problem that making sure that people have good passwords will not solve) and you auto lockout (for some period of time) on multiple failed login attempts (7 or so is a good number if you want to encourage people to use different passwords on different machines - 3 would ensure that people used the same password on all machines or to write down the machine/password combos) I do not see that having the IT department run a password cracker does all that much good and the bad taste that people will have over it being done (and the enabling of a strong defense that someone caught doing something bad that has already been mentioned) seems to argue that it's, in general, a bad idea

far better to force good passwords when the user sets them

Scott

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.