[an error occurred while processing this directive] Other People's Passwords [an error occurred while processing this directive] Loading Document If the page does not load, click here.
[an error occurred while processing this directive] [an error occurred while processing this directive]

In today's world of online life, everyone knows what a password is. Everybody has them, everybody uses them but few people actually protect them. What good is this type of authentication if youre going to stick it up on your monitor with a post-it-note?

 Passwords are your first (if not, only) line of defense and pretty important in the grand scheme of network security. They allow a person to prove they Are who they say they are. With a password, you can become that person online. So, what should we do to make sure they stay safe? Common thoughts in the security world is, passwords must be at least eight characters, contain upper and lower case letters, at least one number, a special character and be changed every 30 to 60 days. Heh heh. How many people actually follow that? Your hard core folks might but, your users wont and if they did, your help desk will be flooded each month by users who have forgotten what they typed. My question is, do we really need passwords that are so difficult to remember?

[an error occurred while processing this directive] [an error occurred while processing this directive]

Cryptology and hash cracking isn't what I'm going to talk about. Not everyone is interested in (or needs to know) exactly what happens when you type in a password and how it's stored or even what it looks like on the wire as you log in. What we do need to know is, with the power of computers today, no password hash is safe. No one actualy 'cracks' a password. You can't. It's a one way, non-reversing type of encryption. what peopel can do, it brute force or dictionary attack your passwords once they collect the encrypted version. (Wich is sent every time you log on) With a Pentium III 800mhz computer and free available software from the 'net, Windows and UNIX passwords can be cracked within 72 or so hours. And that's a very strong password like FT^&sb1}+2! Imagine how quickly Cowboys#1 can be busted with a good dictionary attack! And they both follow the same rules of strong passwords (Caps, Numbers, Special Characters, Over Eight characters). So, what's the point? The point is, strong passwords are not as strong as people like to think. If an intruder gets a hold of a password hash or sniffs them off the wire (The enemy within), it's only a matter of time.

[an error occurred while processing this directive] [an error occurred while processing this directive]

 Keeping up with other people's passwords is a major headache, not improving your security and costing your company money in man hours. Of all the networks I've seen broken into, no password policy would have made a difference. Your time is better spent on your routers and making sure your public servers are patched and locked down. By all means, keep track of failed/sucessful logons at your servers but, don't kill yourself over it.  Advise your staff to be creative with their passwords and make them things they can remember. This wont stop a dtermined intruder but, it will cut down  on office problems.

Passwords are like  key locks, they keep honest men honest but do nothing to the thief.

  -Bagarre

[an error occurred while processing this directive] [an error occurred while processing this directive]

Loading Document If the page does not load, click here.

Packet-Security.com