March 14th, 2002, 02:33 PM
UK says passwords too easy to crack
March 14th, 2002, 02:47 PM
I have to agree with this article.
After working as HelpDesk Support/ASA, I've found that to be the case more often than not. When people choose their passwords, they tend to choose something that is easy for them to remember without thinking about security issues. When their password expires, they only do something as simple as adding a character or two to the end of their old password. Even when you try to explain the importance of security and having a password people can't guess, they choose not to listen. But, hey. What can you do to convince them otherwise without allowing your system to get hacked?
That's Officer 11001001 to you...
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
March 14th, 2002, 02:52 PM
I think this is why the trend toward token usage is growing. It forces more security upon users.
March 14th, 2002, 03:06 PM
The weakness in EVERY security system is always the user. I'll admit, there are always other weaknesses, but the user is always the greatest weakness. That's why smart cards, fingerprint IDs, etc. etc. are all being developed. I doubt it will ever be possible to come up with a truly secure password. With enough money, you could purchase enough hard drive space to store every possible password. Then it's just a matter of running a dictionary password cracker, and... It will just take some time.
"Ignorance is bliss....
but only for your enemy"
March 14th, 2002, 03:27 PM
I always recommend to the companies that I outsource to to require long passwords and the complexity policies. A few of them won't listen though. I have observed some of them with something typical such as their wife's name or they use their own name. I'll come back 6 months or a year later and they still have the same one. So I have to agree with most. The weakest link in IT security is the user.
The COOKIE TUX lives!!!!
Windows NT crashed, I am the Blue Screen of Death.
No one hears your screams.
March 14th, 2002, 03:28 PM
Maybe the only truly secure system is one that does not communicate with any other. Like Bruce Schneier said.
March 14th, 2002, 03:29 PM
hmm the way i deal with my passwords is that i have 4 levels of passwords..
i use level 1 commonly, if someone cracks it i wouldn't mind coz level 1 accounts are not that important.. levels 2 and 3 are a bit more personal and confidential... someone cracking either one of them would worry me... level 4 is a rare one.. it's a 14 character alpha-numeric password. no one will guess.. lolz.. i only used level 4 three times.. one is for my bank accounts.. second would be my ISP and 3rd.. other confidential information about me..
my point is.. i don't use only one password.. and neither do i use lots of passwords.. the trick is in the difficulty not in the number..
March 14th, 2002, 04:09 PM
It's more than just a poorly chosen password. People leave their passwords visible for others to discover them very openly: under the desk, on the desk, sticky on a monitor, sticking out of an open folder, in their purse. They send their suit or a pair of pants to the dry cleaners but they forget to remove all the papers when they're in a rush. Oops. They throw out old passwords rather than shredding them with a machine. If anyone needs strong passwords, here is a great tool:
* choose the ssl option, check all the boxes
* a good password is about 24-53 characters
* test your passwords
* After you create passwords DO NOT, repeat, do NOT paste or save any passwords to text files; copy the passwords to paper, then exit immediately without hitting a back key on Netscape or IE; clear your cache
* Root or Admin Passwords should be changed every single day
* Use Sudo and Pwconv commands if you use Unix or Linux