Hi Johnny,
You can try using javascript functions to validate input (i.e. user
passwords ) in a text field based on your password complexity
requirements and put the page on your internal web server.
Regards,
Arun Bhaskar Kondoth
Johnny Wong wrote:
Hello Nic,
Thanks for the reply. I was looking for a tool for users to check
whether the passwords they choose meet the organization's policy. Not
a tool to test the strength of the existing passwords. Most likely a
web portal for them to enter the "potential" password, and the portal
will determine whether it meets the standards.
Rgds,
JW
At 08:48 AM 26/12/2006, Nic Stevens wrote:
You cannot check the quality of "Unix/Linux" passwords as it's a
one-way encryption so it must be done at the time the user (or admin)
sets the password. With PAM based authentication on *nix there are
ways of enforcing stronger passwords standards than the default.
As far as Windows goes I have no experience with security.
-Nic
Johnny Wong wrote:
Hello all,
I was wondering if your organization deploys any password quality
checking tool to help users select policy-compliant passwords? Be it
web-based or client based. I am thinking what type of requirements
do you use to select such tools, and what are the examples out there?
My thoughts:
1) It should not store the user's passwords (be it pass or fail)
2) It should be able to handle complexity rules (or align with
Windows GPO)
3) It should also work with Unix/Linux passwords
Thanks,
JW
--
Captiain! We've been hit. The only damage so far is the self-destruct
mechanism which, apparently has destroyed itself.
