Firewall Wizards mailing list archives
Re[2]: password aging
From: Steve.Bleazard () wdr com
Date: Wed, 2 Sep 1998 15:17:06 +0700
One alternative to password aging, is to force everyone to use a password generator. FIPS181 from the US government describes (and implements) such a generator. I have found the FIPS181 algorithm generates good pronouncable passwords. They are also far less susceptible to social engineering. Using password generators has many problems in itself, not least of which is the tendency for people to write the password down. However, if security demands good password aging and system wide password re-use detection, then the local policies can be enforced to deal with this and a generator is a viable alternative. Steve ______________________________ Reply Separator _________________________________ Subject: Re: password aging Author: jsdy (jsdy () cospo osis gov) at unix/o2=mime Date: 9/1/98 8:58 PM
This is true. It's also "standard" practice...One of the goals of my group is to _reduce_ the number of calls to the help-desk. Please keep in mind that this is only a _proposed_ change, and it hasn't been approvee yet.
If reducing calls is a goal, why increase them by not telling the user why the password is rejected? ;-)
Scalability is an issue. We're talking about (at least) a 128 bit keyspace.
The ARGUMENT doesn't scale perfectly. Analogies rarely do. I believe that a system-wide old-password database is still not the wisest choice. -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: password aging Paul McNabb (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- <Possible follow-ups>
- RE: password aging Rick Smith (Sep 01)
- Re: password aging Joseph S. D. Yao (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- Re: password aging Joseph S. D. Yao (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- Re[2]: password aging Steve . Bleazard (Sep 02)
- Re: Re[2]: password aging Alec Muffett - SunLabs (Sep 02)
- Re: Re[2]: password aging Aleph One (Sep 02)
- Re: Re[2]: password aging Ryan Russell (Sep 03)
- Re: Re[2]: password aging Michael Shields (Sep 06)
- Re: password aging Paul McNabb (Sep 03)
- Re: password aging Stephen P. Gibbons (Sep 06)