Security Basics mailing list archives
Re: Password Quality checker
From: Arun Bhaskar <arun.bhaskar.k () gmail com>
Date: Fri, 29 Dec 2006 16:04:31 +0530
Hi Johnny,You can try using javascript functions to validate input (i.e. user passwords ) in a text field based on your password complexity requirements and put the page on your internal web server.
Regards, Arun Bhaskar Kondoth Johnny Wong wrote:
Hello Nic,Thanks for the reply. I was looking for a tool for users to check whether the passwords they choose meet the organization's policy. Not a tool to test the strength of the existing passwords. Most likely a web portal for them to enter the "potential" password, and the portal will determine whether it meets the standards.Rgds, JW At 08:48 AM 26/12/2006, Nic Stevens wrote:You cannot check the quality of "Unix/Linux" passwords as it's a one-way encryption so it must be done at the time the user (or admin) sets the password. With PAM based authentication on *nix there are ways of enforcing stronger passwords standards than the default.As far as Windows goes I have no experience with security. -Nic Johnny Wong wrote:Hello all,I was wondering if your organization deploys any password quality checking tool to help users select policy-compliant passwords? Be it web-based or client based. I am thinking what type of requirements do you use to select such tools, and what are the examples out there?My thoughts: 1) It should not store the user's passwords (be it pass or fail)2) It should be able to handle complexity rules (or align with Windows GPO)3) It should also work with Unix/Linux passwords Thanks, JW-- Captiain! We've been hit. The only damage so far is the self-destruct mechanism which, apparently has destroyed itself.
Current thread:
- Password Quality checker Johnny Wong (Dec 25)
- Re: Password Quality checker Saqib Ali (Dec 27)
- Re: Password Quality checker intel96 (Dec 29)
- Message not available
- Re: Password Quality checker Johnny Wong (Dec 27)
- Re: Password Quality checker Steven (Dec 29)
- Re: Password Quality checker Arun Bhaskar (Dec 29)
- Re: Password Quality checker Johnny Wong (Dec 27)
- Re: Password Quality checker Saqib Ali (Dec 27)
- <Possible follow-ups>
- RE: Password Quality checker Hayes, Bill (Dec 29)