That Junior Admin who used "letmein" as a password is an example of someone who just doesn't know how to create a decent one.
Actually, that Junior Admin was an example of someone who doesn't understand the importance of locking an account after too many retries. The fact that I spent so long on it meant that at some point, even with a strong password, I'd get it.

Some sent me a note asking how I can post this and yet discourage questions about "hacking". I guess it comes down to "intent". That is, what's the goal. If the goal is to learn how to "hack my g/f's account so I can prove she's been cheating on me", then no. I don't advocate or support this. If the goal is to learn how attackers do what they do so I can lock down my machine better and keep users more informed, then this is what it's for.

I guess, it becomes a question of ethics.



I still have a couple of more tuts to work on for this series but have taken some time off due to some bronchitis. Perhaps later today I can get #3 up and then another one later this week or early next week.