|
-
March 25th, 2007, 11:13 AM
#5
 Originally Posted by furigay
why bother to crack password, if somebody can add another password.
password protection policy now a days is not an effective line of defence even you have uncrackable password.. why i would bother if just add another one.
1. You cannot "add another password" you can only reset the password of an existing user.
2. You can create a new user account.
Both of these require administrator rights and both of them are very obvious.
So, why would you want to crack the password of an existing user?.............. well the only reason I can see is to commit some sort of criminal activity........ it is identity theft.
What you want to do is impersonate an existing user, such that they do not know (their password remains the same, and still works), and that the administrator does not see a new user account.
Password protection is still very valid, as it provides an audit trail and makes users accountable 
Similar Threads
-
By c0br4 in forum Newbie Security Questions
Replies: 10
Last Post: September 27th, 2006, 11:01 PM
-
By valhallen in forum Programming Security
Replies: 10
Last Post: August 29th, 2006, 10:46 PM
-
By free-fall in forum Newbie Security Questions
Replies: 2
Last Post: December 20th, 2002, 05:44 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote