Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: suggesting passwds to users

from [Mark Owen] Network Security [Permanent Link]
Subject: Re: suggesting passwds to users
Date: Mon, 18 Apr 2005 15:12:17 -0400 
So, when the user is
at the change password page and about to type in "Mets4Ever" as their
new password, why not give them a list of 10 or so cryptographically
strong, randomly generated passwords as suggestions for them.


Given a list of randomly generated or the option of entering a
convienant to remember password, I believe the end user will always
pick their own.  Those who will pick one from your list will surely
write it down to remember later.  I believe the best option for
security in this example is to enforce strict password policies (mix
upper, lower, numeric, and special characters with at least 8 in
total) and prevent the end user to write it down.  I generally advise
users to use something similar of M3ts~4~Ev3r! to remember a complex
password easier.  I would personaly try to stay away from giving them
the option to choose a predefined password due to its difficulty in
recalling.  Another option is to use 2-form authentication.  Mets4Ever
and a token would be an ideal solution.

-- 
Mark Owen
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: suggesting passwds to users, Matt Fisher
Next by Date:  RE: webapp dependencies, Matt Fisher
Previous by Thread:  suggesting passwds to users, James Barkley
Next by Thread:  Re: suggesting passwds to users, robert
Indexes:  [Date] [Thread] [Top] [All Lists]