Educause Security Discussion mailing list archives
Re: Password strength
From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Thu, 26 Oct 2017 13:30:56 -0400
On Thu, 26 Oct 2017 17:17:13 -0000, Dale Lee said:

> The only way that I know to audit password strength is to reverse/crack the password.

The other way is to implement going forward some software to check for password strength when the user is changing their password - so it should be impossible for new weak passwords to be set. Example: pam_cracklib for Linux boxes, not sure what the equivalent is for Windows. And then force a password change for everybody. (Though I'd recommend that you don't force a flag-day change because that leads to your help desk staff forming a tar-and-feather group heading to your office, but rather something like 4% of your userids every Tuesday morning for the next 25 weeks...)
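The staggered rollout described above (about 4% of userids each Tuesday for 25 weeks), worked through as an added example that is not part of the original post. The function names, the salt value, the sample roster and the use of `chage -d 0` as the Linux expiry mechanism are assumptions made for illustration.

```python
import hashlib
import shlex
from datetime import date, timedelta

WEEKS = 25  # 25 weekly cohorts of roughly 4% each, as in the post


def first_tuesday(start: date) -> date:
    """First Tuesday on or after `start` (weekday(): Monday=0, Tuesday=1)."""
    return start + timedelta(days=(1 - start.weekday()) % 7)


def build_schedule(userids, start, salt="rollout-salt", weeks=WEEKS):
    """Map each Tuesday to the cohort of userids forced to change that day.

    Ordering by a salted hash shuffles the roster deterministically, so a
    cohort is not one alphabetical block and re-running gives the same plan.
    Dealing round-robin keeps cohort sizes within one of each other.
    """
    ranked = sorted(
        set(userids),
        key=lambda u: hashlib.sha256(f"{salt}:{u}".encode()).hexdigest(),
    )
    tuesday = first_tuesday(start)
    days = [tuesday + timedelta(weeks=w) for w in range(weeks)]
    schedule = {day: [] for day in days}
    for rank, uid in enumerate(ranked):
        schedule[days[rank % weeks]].append(uid)
    return schedule


def expire_commands(cohort):
    """Commands for an admin to review and run; nothing is executed here.

    `chage -d 0` marks the password as expired, so the next login forces a
    change, which then passes through the strength check (e.g. pam_cracklib).
    """
    return [f"chage -d 0 {shlex.quote(uid)}" for uid in sorted(cohort)]


if __name__ == "__main__":
    roster = [f"user{n:04d}" for n in range(1000)]  # constructed sample roster
    plan = build_schedule(roster, date(2017, 10, 26))
    for day, cohort in plan.items():
        print(day, len(cohort), "accounts, first:", expire_commands(cohort)[0])
```

Accounts created after the strength check is in place already have a checked password, so the plan only needs the roster as it stood when the check went live.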