El vie, 27 de 08 de 2004 a las 23:26, Eric Peeters escribiÃ:
Hijacking on this thread (with my apologies), I was wondering whether many
admins use
third-party password policy enforcement tools and whether it has led to less
password
cracking.
I use one such tool to reach what I think is a reasonable middle ground
between the basic
Windows 2000 password settings and complex password requirements, and I find
that I need
to crack my users' passwords less often. Since they now have no choice but to
comply with
my password policy, password cracking has gone from being an enforcement tool
to being a
way of checking that my policy is neither too loose nor too restrictive and
fine-tuning
said policy accordingly.
Am I being too confident in a tool in performing less password crackings, or
am I not
alone out there ?
Eric Peeters
R. Ibarra's Inc.
It's a good thing to have, but have in mind that if people gets too hard
to remember password they usually end writing them down in papers,
post-its, palms and that kind of things. The better thing to do it's to
impose a method to make good passwords, like choosing a phrase and
taking the first letter of each word, substituting 'l' for '1' or
'o' for '0' and similar things.
Anyway it's always a good practice to try to break the passwords of
your users at least once a month even if you have any of this kind
of systems.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
---------------------------------------------------------------------------
---------------------------------------------------------------------------
