Other People's Passwords

In today's world of online life, everyone knows what a password is. Everybody
has them, everybody uses them, but few people actually protect them. What
good is this type of authentication if you're going to stick it up on your
monitor with a Post-it note?

Passwords are your first (if not your only) line of defense and pretty
important in the grand scheme of network security. They allow a person to
prove they are who they say they are. With a password, you can become that
person online.

So, what should we do to make sure they stay safe? The common thinking in the
security world is that passwords must be at least eight characters, contain
upper and lower case letters, at least one number and a special character,
and be changed every 30 to 60 days. Heh heh. How many people actually follow
that? Your hard-core folks might, but your users won't, and if they did, your
help desk would be flooded each month by users who have forgotten what they
typed. My question is, do we really need passwords that are so difficult to
remember?

Cryptology and hash cracking aren't what I'm going to talk about. Not everyone
is interested in (or needs to know) exactly what happens when you type in a
password, how it's stored, or even what it looks like on the wire as you log
in. What we do need to know is that, with the power of computers today, no
password hash is safe. No one actually 'cracks' a password. You can't. It's a
one-way, non-reversible type of encryption. What people can do is brute-force
or dictionary-attack your passwords once they collect the encrypted version
(which is sent every time you log on). With a Pentium III 800 MHz computer and
freely available software from the 'net, Windows and UNIX passwords can be
cracked within 72 or so hours. And that's a very strong password like
FT^&sb1}+2! Imagine how quickly Cowboys#1 can be busted with a good dictionary
attack! And they both follow the same rules of strong passwords (caps,
numbers, special characters, over eight characters). So, what's the point?
The point is, strong passwords are not as strong as people like to think. If
an intruder gets hold of a password hash or sniffs one off the wire (the
enemy within), it's only a matter of time.
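
An added example (not part of the original article): a small Python password audit showing that both passwords above satisfy the complexity rules, while only Cowboys#1 reduces to a dictionary word. The wordlist, the substitution table, the function names and the third sample password are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real audit would load a much larger dictionary.
WORDLIST = {"cowboys", "password", "dragon", "summer", "welcome"}

# Common character substitutions users apply to dictionary words (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_policy(pw: str) -> bool:
    """Complexity rules quoted in the article: 8+ chars, upper, lower, digit, special."""
    return (
        len(pw) >= 8
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def dictionary_base(pw: str, wordlist=WORDLIST):
    """Return the dictionary word pw is built from, or None.

    Undoes the usual decorations: digits/symbols at either end,
    capitalisation, and leet-style substitutions.
    """
    decorations = string.digits + string.punctuation
    core = pw.strip(decorations).lower()
    for candidate in (core, core.translate(LEET)):
        if candidate in wordlist:
            return candidate
    return None


def audit(pw: str) -> dict:
    """Report policy compliance and any dictionary word behind the password."""
    return {"policy_ok": meets_policy(pw), "dictionary_base": dictionary_base(pw)}


if __name__ == "__main__":
    # First two passwords are from the article; the third is a constructed sample.
    for pw in ("FT^&sb1}+2!", "Cowboys#1", "P@ssw0rd!!"):
        print(pw, audit(pw))
```

A password that passes `meets_policy` but returns a word from `dictionary_base` is the kind worth rejecting at change time, whatever the complexity rules say.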

Keeping up with other people's passwords is a major headache that does not
improve your security and costs your company money in man-hours. Of all
the networks I've seen broken into, no password policy would have made a
difference. Your time is better spent on your routers and making sure your
public servers are patched and locked down. By all means, keep track of
failed/successful logons at your servers, but don't kill yourself over it.
Advise your staff to be creative with their passwords and make them things
they can remember. This won't stop a determined intruder, but it will cut
down on office problems.

Passwords are like key locks: they keep honest men honest but do nothing to the thief.
-Bagarre