Security Basics mailing list archives
RE: passwords
From: "Högman, Lars" <Lars.Hogman () concordiabus com>
Date: Fri, 21 Feb 2003 09:25:21 +0100
One (usually) good way to teach users about the how and why of passwords is to sit down with them and browse the network, preferably some very important folders, and ask them how their manager would react if I deleted all the files there. "After all, it's your account that does the deleting, so don't try to blame me" (make sure you don't sound too serious at this point...) Most secret notes disappear shortly after this.

A large number of users never make the connection between what they have the right to do in a network, and that there comes a responsibility not to abuse those rights - unless you make them fear the consequences.

The only problems I've had with this approach are finding the time for it, and realising in time that I'm informing someone more paranoid than myself...

/Lasse

From: "Robert Sieber" <securityfocus () different-thinking de>

It doesn't make sense because 90 days is too long. A password should be changed at least after 30 days - if they are strong enough. A cracker has 90 days to find out the corresponding password .....

If I tried that here, everyone would have sticky notes on their monitor, or if you crack down on that they'd get "clever" and hide it somewhere else like under their keyboard or something. How did you get around this problem? Or you have a very different definition of what a strong password is, my example of a strong password would be like this: X-ik]>_:72

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates
"Quick, easy, or cheap; pick any two."