Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Linking Password Length to Write-down probability

from [Nick Owen] Network Security [Permanent Link]
Subject: Re: Linking Password Length to Write-down probability
Date: Fri, 27 May 2005 11:44:31 -0400 
I think it would be hard to link writing down passwords to just the
length and complexity.  I would think that the number of passwords a
person has would be a bigger factor.  I think it would be hard to
account for that - since so many would be outside the enterprise.

Stian Øvrevåge wrote:

God morning list!

I continually read papers which advertise increased password lenghts (
and outrageous complexity requirements ) as The Solution(TM). I work
in a fairly large organization and I can safely acknowledge that even
8 character passwords with moderate complexity requirements are VERY
prone to beeing written un-encrypted and un-hashed on Post-Its, and
then safely contained, under the keyboard, or on the monitor. Which in
my humble oppinion is bordering to "stupid security".

I'm certain that there is a link between required password lenght and
complexity and the probability of users taking the huge leap backwards
and writing passwords down.

I've been doing a little Googling, but I can't seem to find any
scientific analytical/statistical research done on this particular
subject. Is anyone out there aware of any works done in this field? If
not, is there anyone intrested in conducting such a survey on the
behalf of the community?

Regards, Stian



-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Symantec LiveUpdate and User Rights on Win2000, Micheal Espinola Jr
Next by Date:  Re: Linking Password Length to Write-down probability, Dan Tesch
Previous by Thread:  RE: Linking Password Length to Write-down probability, Miguel Dilaj
Next by Thread:  Re: Linking Password Length to Write-down probability, Mihai Amarandei
Indexes:  [Date] [Thread] [Top] [All Lists]