Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Linking Password Length to Write-down probability

from [Ryan Platt] Network Security [Permanent Link]
Subject: RE: Linking Password Length to Write-down probability
Date: Thu, 26 May 2005 16:02:55 -0400 
Try this: http://www.baselinemag.com/article2/0,1397,1744120,00.asp

It gives a nice overview of the time/productivity lost when dealing with
passwords.




-----Original Message-----
From: Stian Øvrevåge [mailto:sovrevage@gmail.com] 
Sent: Thursday, May 26, 2005 5:07 AM
To: security-basics@securityfocus.com
Subject: Linking Password Length to Write-down probability

God morning list!

I continually read papers which advertise increased password lenghts (
and outrageous complexity requirements ) as The Solution(TM). I work
in a fairly large organization and I can safely acknowledge that even
8 character passwords with moderate complexity requirements are VERY
prone to beeing written un-encrypted and un-hashed on Post-Its, and
then safely contained, under the keyboard, or on the monitor. Which in
my humble oppinion is bordering to "stupid security".

I'm certain that there is a link between required password lenght and
complexity and the probability of users taking the huge leap backwards
and writing passwords down.

I've been doing a little Googling, but I can't seem to find any
scientific analytical/statistical research done on this particular
subject. Is anyone out there aware of any works done in this field? If
not, is there anyone intrested in conducting such a survey on the
behalf of the community?

Regards, Stian
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Symantec LiveUpdate and User Rights on Win2000, Paris E. Stone
Next by Date:  Re: Linking Password Length to Write-down probability, Doug . Janelle
Previous by Thread:  Linking Password Length to Write-down probability, Stian Øvrevåge
Next by Thread:  Re: Linking Password Length to Write-down probability, Gonzalo Martinez
Indexes:  [Date] [Thread] [Top] [All Lists]