Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Linking Password Length to Write-down probability

from [Andrew Aris] Network Security [Permanent Link]
Subject: RE: Linking Password Length to Write-down probability
Date: Tue, 31 May 2005 10:37:56 +0100 
Just to add to some of the excellent approaches that have been suggested
here are a couple that I have had success with in the past:

1.) use a password that is a pattern on the keyboard (say three keys up then
three keys down)- most people can learn a pattern of keys to hit quite
quickly and it is very easy to remember as they only really need to know the
shape and the starting point. It also makes updateing passwords relatively
easy as you can simply shift the starting key. This gives them only one new
bit of information to "learn"

eg - "de34rf" is in password terms very different than "bgtyhn" but the
typing pattern is the same.

2.) Have the user pick some text that is visible to them when sat at their
desk but that isnt obviously a password - like a model name written on the
front of a monitor, of the name written on a file or book. Remembering it
works in the same way as postit note on the monitor - they just need to
"remeber" where to look but its much more secure because it doesnt scream
"password" at people.

cheers,

Andrew
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: user name from security logs, Tom Rhodes
Next by Date:  Re: aretzj.exe -- reappearing unknown system file, Jonathan Glass
Previous by Thread:  Re: Linking Password Length to Write-down probability, Nick Owen
Next by Thread:  RE: Linking Password Length to Write-down probability, Miguel Dilaj
Indexes:  [Date] [Thread] [Top] [All Lists]