Penetration Testing mailing list archives
RE: Secure Password Policy?
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 20 Jan 2006 11:32:02 -0600
I would recommend the longer the better. The more complex the better. It is possible that their 8-character recommendation is connected to the weaker, still-used LM hash passwords on Microsoft machines.

http://en.wikipedia.org/wiki/LM_hash

Windows by default creates LM hashes out of passwords, unless disabled (or the password is over 15 digits).

A randomly generated password of 8 characters (this includes letters, numbers and symbols) is pretty good. But the bigger the better. Never use dictionary words, or even backward dictionary words.

-Todd