nanog mailing list archives

Re: AD and enforced password policies

From: Lyndon Nerenberg <lyndon () orthanc ca>
Date: Mon, 2 Jan 2012 18:10:33 -0800 (PST)

I just went through some calculations for a (government) site that has the
following rules:

[...]

Under the plausible assumption that very many people will start with a string
of digits, continue with a string of lower-case letters to reach seven characters,
and then add a period, there are only ~5,000,000,000 choices.  That's not many at
all -- but the rules look just fine...


1234;lkj rolls off the fingers quite nicely, don't you think?

Current thread:

Re: AD and enforced password policies, (continued)
- - - Re: AD and enforced password policies Måns Nilsson (Jan 04)
    - Re: AD and enforced password policies Randy Bush (Jan 03)
    - Re: AD and enforced password policies Todd Underwood (Jan 03)
    - Re: AD and enforced password policies Steven Bellovin (Jan 03)
    - RE: AD and enforced password policies Jones, Barry (Jan 05)
    - Re: AD and enforced password policies Gary Buhrmaster (Jan 03)
    - Re: AD and enforced password policies Jimmy Hess (Jan 03)
    - Re: AD and enforced password policies Måns Nilsson (Jan 04)
  - Re: AD and enforced password policies Gary Buhrmaster (Jan 02)
    - Re: AD and enforced password policies Steven Bellovin (Jan 02)
    - Re: AD and enforced password policies Lyndon Nerenberg (Jan 02)
    - Re: AD and enforced password policies Steven Bellovin (Jan 02)
    - Re: AD and enforced password policies Jimmy Hess (Jan 02)
    - Re: AD and enforced password policies Jared Mauch (Jan 03)
- Re: AD and enforced password policies Nick Hilliard (Jan 02)