Firewall Wizards mailing list archives

RE: Stanford break in


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 22 Apr 2004 18:15:30 -0400 (EDT)

On Thu, 22 Apr 2004, Laura Taylor wrote:

You need some user behavior/rules of engagement policies to deal with users
bringing home password files and cracking them. And they should be enforced.
Laura

Ron's main point (I think) is that you can't enforce strong password
policies everywhere in an organization, so folks who want to circumvent
those policies will do so, and the net result of stronger passwords is
lost.  Non-trivial passwords, I agree with, but "strong passwords" really
just piss off users without much overall effect on the organization's
security posture if there are enough disparate system types (or if users
simply use that password everywhere so they can remember it.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

