Security Basics mailing list archives

Re: Password alternatives


From: John Morrison <john.morrison101 () googlemail com>
Date: Tue, 30 Mar 2010 16:47:14 +0100

All good ideas and all worth pursuing.

Biometrics and tokens are useful. They are more like a physical key
and it is easier to explain about why you should not share.

Passphrases are much better than complex passwords. They are difficult
to guess and crack, and they are easier to remember. If someone can't
remember something they WILL write it down. Once written down no
technical skill or hacking time is required to break in. A bit like
leaving your safe combination taped to the front of the safe.

I would suggest that you talk to the senior staff and find out what
they want (share what with whom) and what specific issues they have
with the current system. Then work towards meeting their and your
requirements.

Education is the most effective method. It may be costly in time and
resources, however. I spent a lot of time spread over a 10 year period
teaching my kids to use good passwords, spot scams, etc. It has taken
the UK government over a decade to teach drivers not to drink and
drive and a similar length of time to make wearing a seat belt second
nature.

On 26 March 2010 18:18, WALI <hkhasgiwale () gmail com> wrote:
Hi guys

The recent attempt to roll out password complexity within our AD domain has
not been well received by higher / executive management. These guys have a
habit of sharing their passwords with their PAs and secretaries and now they
are cribbing when they need to change their password every 90 days.

What are best and most workable alternatives? Biometrics, RSA tokens?
Anything else which you guys have implemented with relative ease?

Pls advise!





