RE: Almost, but not quite OT: Passwords

2011-08-18 Thread Hilderbrand, Doug
Find and listen to Steve Gibson's explanation of his password haystacks concept which this cartoon was based on. I think he's spot on. Password length wins over complexity. Put both together and there's not enough petaflops in the universe to crack the password. My opinion, YMMV. Steve Gibson

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread Andrew S. Baker
This would be great if brute force was the only way to break into a system. It's a good part of the overall security puzzle, but not the whole story. ASB http://XeeMe.com/AndrewBaker http://about.me/Andrew.S.Baker Harnessing the Advantages of Technology for the SMB market… On

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread William Robbins
Steve Gibson? Seriously? http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/ http://www.theregister.co.uk/2001/06/25/steve_gibson_really_is_off/ http://www.theregister.co.uk/2001/06/12/security_geek_developing_winxp_raw/

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread Jonathan Link
I was waiting for someone else to step up. Glad to see I'm not disappointed. On Thu, Aug 18, 2011 at 1:39 PM, William Robbins dangerw...@gmail.com wrote: Steve Gibson? Seriously? http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread Ben Scott
On Thu, Aug 18, 2011 at 1:05 PM, Hilderbrand, Doug doug.hilderbr...@craneaerospace.com wrote: Steve Gibson is one of my heroes. IMNSO: Steve Gibson is a blowhard who doesn't know half as much as he thinks he does. SpinRite may or may not have been useful back when hard drives were steam

RE: Almost, but not quite OT: Passwords

2011-08-18 Thread Steven M. Caesare
C'mon... you know NanoProbes(!) are Teh Bomb! -sc From: William Robbins [mailto:dangerw...@gmail.com] Sent: Thursday, August 18, 2011 1:39 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords Steve Gibson? Seriously? http://www.theregister.co.uk/2006/01

RE: Almost, but not quite OT: Passwords

2011-08-18 Thread Hilderbrand, Doug
Admin Issues Subject: Re: Almost, but not quite OT: Passwords I was waiting for someone else to step up. Glad to see I'm not disappointed. On Thu, Aug 18, 2011 at 1:39 PM, William Robbins dangerw...@gmail.com wrote: Steve Gibson? Seriously? http://www.theregister.co.uk/2006/01/21

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread William Robbins
Admin Issues Subject: Re: Almost, but not quite OT: Passwords Steve Gibson? Seriously? http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/ http://www.theregister.co.uk/2001/06/25/steve_gibson_really_is_off/ http://www.theregister.co.uk/2001/06/12

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread William Robbins
From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, August 18, 2011 10:48 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords I was waiting for someone else to step up. Glad to see I'm not disappointed. On Thu

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread Andrew S. Baker
I ignored it just to get to the heart of the point... ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of Technology for the SMB market… On Thu, Aug 18, 2011 at 1:47 PM, Jonathan Link jonathan.l...@gmail.com wrote: I was waiting for someone else to step up. Glad to

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread Jonathan Link
Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace Electronics From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, August 18, 2011 10:48 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords I

Re: Almost, but not quite OT: Passwords

2011-08-18 Thread Ben Scott
On Thu, Aug 18, 2011 at 2:16 PM, Hilderbrand, Doug doug.hilderbr...@craneaerospace.com wrote: ... short and complex versus long password issue. I use long teens and twenties long character passwords at work with upper/lower case, numbers and punctuation. Broadly speaking, increasing the

RE: Almost, but not quite OT: Passwords

2011-08-18 Thread Steven M. Caesare
values also have varying degrees of success. -sc -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, August 18, 2011 2:41 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords On Thu, Aug 18, 2011 at 2:16 PM, Hilderbrand, Doug

RE: Almost, but not quite OT: Passwords

2011-08-15 Thread Ken Schaefer
...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Saturday, 13 August 2011 5:37 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords The stored password must be hashed (and preferably salted too) otherwise I would change banks. When you enter your password, that is hashed

RE: Almost, but not quite OT: Passwords

2011-08-15 Thread Ken Schaefer
With single sign on products, it will happen either way. Then you have a service desk call and cost to deal with Cheers Ken From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Saturday, 13 August 2011 3:57 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Nice

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread andy
, Kennedy, Jim wrote: Good point, I just got phished. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:57 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It wasn't one of my current 'real' passwords. I'm not putting one of those

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Schorr
AM 8/11/2011, Kennedy, Jim wrote: Good point, I just got phished. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:57 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It wasn't one of my current

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread kz20fl
Message- From: Ben Schorr b...@rolandschorr.com Date: Fri, 12 Aug 2011 09:15:39 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Length is more important

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Terry Dickson
a week. At 11:00 AM 8/11/2011, Kennedy, Jim wrote: Good point, I just got phished. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:57 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It wasn't

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Schorr
? Ben M. Schorr Roland Schorr Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Friday, August 12, 2011 12:19 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords A good

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread Kurt Buff
. At 11:00 AM 8/11/2011, Kennedy, Jim wrote: Good point, I just got phished. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:57 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It wasn't one

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread G.Waleed Kavalec
-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Buwhahahah…. 124 thousand years. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:45 AM

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Schorr
/ From: G.Waleed Kavalec [mailto:kava...@gmail.com] Sent: Friday, August 12, 2011 12:51 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords A trick we used to use (many years ago) was that after 3 bad tries NO password would work, even the right one. No additional error

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Scott
On Fri, Aug 12, 2011 at 3:00 PM, andy afo...@psu.edu wrote: Are unix systems still only 8 characters. I don't think that's been an issue in most/all Unix systems for a few decades. :) Certainly the *nix systems they had at the university back in 1995 had no such limitations. :) -- Ben ~

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Scott
On Fri, Aug 12, 2011 at 3:50 PM, G.Waleed Kavalec kava...@gmail.com wrote: A trick we used to use (many years ago) was that after 3 bad tries NO password would work, even the right one. No additional error message, it just let you keep on trying. That's a common technique. It's available

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Sam Cayze
PM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Now you are all entering your real current Password right? Hmmm..how long until you are hacked because they collected those Passwords? -Original Message- From: kz2...@googlemail.com [mailto:kz2...@googlemail.com

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Schorr
12, 2011 13:51 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords On Fri, Aug 12, 2011 at 3:50 PM, G.Waleed Kavalec kava...@gmail.com wrote: A trick we used to use (many years ago) was that after 3 bad tries NO password would work, even the right one. No additional

Re: RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Jonathan
System Admin Issues Subject: Re: Almost, but not quite OT: Passwords A good brute force attack doesn't throw passwords out for authentication - just gets the hashed passwords and checks them against hashed values, AFAIK. Therefore account lockouts are not triggered. Sent from my POS BlackBerry

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Scott
On Fri, Aug 12, 2011 at 4:59 PM, Ben Schorr b...@rolandschorr.com wrote: Except Windows Lockout tells you when you've been locked out, doesn't it? Hmmm. I thought it only told you that if you entered the *correct* password? It's been awhile since I've needed to deal with it; I may be

Re: RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Steven Peck
Admin Issues Subject: RE: Almost, but not quite OT: Passwords Now you are all entering your real current Password right? Hmmm..how long until you are hacked because they collected those Passwords? -Original Message- From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent

RE: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Schorr
www.rolandschorr.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, August 12, 2011 14:28 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords On Fri, Aug 12, 2011 at 4:59 PM, Ben Schorr b...@rolandschorr.com wrote: Except Windows

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread kz20fl
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords But doesn't that require them to break into the authentication system? When I go to log into my bank it doesn't

Re: Almost, but not quite OT: Passwords

2011-08-12 Thread Ben Scott
On Fri, Aug 12, 2011 at 5:36 PM, kz2...@googlemail.com wrote: But yes, they need to capture the hashes somehow, in that situation, either by sniffing or getting access to the database. But once that compromise is done, it's usually only a matter of time. Typically if one can sniff the

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Alan Davies
] Sent: 10 August 2011 23:11 To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Because the security team and or auditor are simply following a check list. Complex passwords required - check. My job is done. Carl Webster Consultant and Citrix Technology Professional

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Alan Davies
I believe the NSA came up with a value of 0.6 eventually, but agree that it's sound advice. a -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: 11 August 2011 02:07 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords On Wed, Aug 10, 2011

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread Andrew S. Baker
. From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, August 10, 2011 9:17 PM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords ETrade: It's easy to change the password you use to log on to your account at E

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Gasper, Rick
Crap...I now have to change my password again... From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, August 10, 2011 6:44 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords If the in-house team ever got a round to it both could be kept happy but using

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Webster
I change my passwords religiously every 7 years. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com From: Gasper, Rick [mailto:rickgas...@kings.edu] Subject: RE: Almost, but not quite OT: Passwords Crap...I now have to change my

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Crawford, Scott
7 years. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com From: Gasper, Rick [mailto:rickgas...@kings.edu] Subject: RE: Almost, but not quite OT: Passwords Crap…I now have to change my password again… From: Jon Harris

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Webster
, 2011 8:32 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords nice. Reminds me of an old roommate, I clean the shower every six months whether it needs it or not. Sent from my Palm Pre on the Now Network from Sprint On Aug 11, 2011 7

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Shauna Hensala
Have your users go here: http://www.howsecureismypassword.net/ and enter their password to see how long it would take to crack. A fun little exercise. Shauna Hensala From: webs...@carlwebster.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Daniel Rodriguez
, but not quite OT: Passwords Crap…I now have to change my password again… From: Jon Harris [mailto:jk.har...@gmail.com] Subject: Re: Almost, but not quite OT: Passwords If the in-house team ever got a round to it both could be kept happy but using something like

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Martin Blackstone
I got one year. From: Shauna Hensala [mailto:she...@msn.com] Sent: Thursday, August 11, 2011 7:16 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Have your users go here: http://www.howsecureismypassword.net/ and enter their password to see how long

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Maglinger, Paul
You can get two months out of them if you turn them inside-out! From: Daniel Rodriguez [mailto:drod...@gmail.com] Sent: Thursday, August 11, 2011 9:19 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Had a youth minister say, I change my underwear once

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Steven M. Caesare
It would take a desktop PC About 193 trillion years to hack your password I'll take it. -sc From: Martin Blackstone [mailto:mblackst...@gmail.com] Sent: Thursday, August 11, 2011 10:20 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords I got one year

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread G.Waleed Kavalec
To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Date: Thu, 11 Aug 2011 13:43:08 + I changed my bed linens at the beginning of each semester whether they needed changing or not. :) Carl Webster Consultant and Citrix

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread Jonathan Link
: Martin Blackstone [mailto:mblackst...@gmail.com] Sent: Thursday, August 11, 2011 10:20 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords I got one year. From: Shauna Hensala [mailto:she...@msn.com] Sent: Thursday, August 11, 2011

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread kz20fl
@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Have your users go here: http://www.howsecureismypassword.net/ and enter their password to see how long it would take to crack. A fun little

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Sean Rector
One of mine gave back 5 septillion years. ;) Sean Rector, MCSE From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, August 11, 2011 10:25 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords It would take a desktop PC About 193 trillion years

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Maglinger, Paul
: Re: Almost, but not quite OT: Passwords Must be easy compiling dictionary attack files for the admins of that site. :-) Sent from my POS BlackBerry wireless device, which may wipe itself at any moment From: Shauna Hensala she...@msn.com Date: Thu, 11 Aug

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Webster
...@carlwebster.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Date: Thu, 11 Aug 2011 13:43:08 + I changed my bed linens at the beginning of each semester whether they needed changing or not. :) Carl Webster

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Webster
://www.CarlWebster.com From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Thursday, August 11, 2011 9:33 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords One of mine gave back 5 septillion years. ;) Sean Rector, MCSE From: Steven M

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread Gary Slinger
@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords I got one year. From: Shauna Hensala [mailto:she...@msn.com] Sent: Thursday, August 11, 2011 7:16 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Have your users go here: http

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Kennedy, Jim
Buwhahahah 124 thousand years. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:45 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords With one special character, 15 years. Without it, 4 days. Interesting

re: Almost, but not quite OT: Passwords

2011-08-11 Thread ron friedman
Some of the security thinking I've heard is the unintended consequence of 'complex' alphanumeric passwords that were to thwart brute force/dictionary remote attacks provides a rich source for the keylogger/social remote attack. If that data stream has content which is _not_ in the dictionary,

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread Gary Slinger
Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Buwhahahah 124 thousand years. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:45 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Kennedy, Jim
Good point, I just got phished. From: Gary Slinger [mailto:gary.slin...@gmail.com] Sent: Thursday, August 11, 2011 10:57 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It wasn't one of my current 'real' passwords. I'm not putting one of those in on a site I don't

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Maglinger, Paul
Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 1.52 months From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, August 11, 2011 9:38 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Using the one from GRC: Time

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Webster
Professional http://www.CarlWebster.com From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Thursday, August 11, 2011 9:33 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords One of mine gave back 5

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Ken Schaefer
[mailto:pmaglin...@scvl.com] Sent: Thursday, 11 August 2011 11:03 PM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Using XxXxXxXxXxXx on GRC: Time Required to Exhaustively Search this Password's Space: Online Attack Scenario: (Assuming one thousand guesses per second) 1.27

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Jacob
The quick brown fox jumps over the lazy d0g From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, August 10, 2011 3:48 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords My last two passwords were in this form: X xxx'x xx xx

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Jacob
Even websites! A bank I use limits the password to eight characters and you cannot use special characters. From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, August 10, 2011 5:28 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords Unfortunately way

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread Andrew S. Baker
[mailto:mblackst...@gmail.com] Sent: Thursday, August 11, 2011 10:20 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords I got one year. From: Shauna Hensala [mailto:she...@msn.com] Sent: Thursday, August 11, 2011 7:16 AM To: NT

Re: Almost, but not quite OT: Passwords

2011-08-11 Thread Andrew S. Baker
and repudiation), 2FA / 3FA is far more secure. Cheers Ken From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, 11 August 2011 11:03 PM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Using

RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Steven M. Caesare
Which is a machine not connected to the production network for the password I tested. Booyah. -sc From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, August 11, 2011 10:28 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords Except now

Re: RE: Almost, but not quite OT: Passwords

2011-08-11 Thread Jonathan
Subject: RE: Almost, but not quite OT: Passwords Date: Thu, 11 Aug 2011 13:43:08 + I changed my bed linens at the beginning of each semester whether they needed changing or not. :) Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com From

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Steve Kradel
It looks like Randall @ xkcd supposes each word in correct horse battery staple has 11 bits of entropy, which is to say, the person choosing the password has a comfortable vocabulary of 2^11 (2,048) words from which he will pick four at random. (2048^4 is the same as 2^44.) I think 2,048 words

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Webster
] Sent: Wednesday, August 10, 2011 5:06 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall @ xkcd supposes each word in correct horse battery staple has 11 bits of entropy, which is to say, the person choosing the password has a comfortable vocabulary

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Jon Harris
Professional http://www.CarlWebster.com From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Wednesday, August 10, 2011 5:06 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Kurt Buff
My last two passwords were in this form: X xxx'x xx xx. and Xxx xx xx, xxx . Simple, straightforward sentences of 29 and 31 characters respectively. Easy to type and remember, and while I don't have the time to calculate their bits of entropy, I'll bet it's fairly

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Jon Harris
Agreed using sentences makes sense and with simple replacement of a couple of words I would think make them very hard to break without social engineering. User training will help with even that aspect. Jon On Wed, Aug 10, 2011 at 6:47 PM, Kurt Buff kurt.b...@gmail.com wrote: My last two

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Crawford, Scott
, August 10, 2011 5:06 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall @ xkcd supposes each word in correct horse battery staple has 11 bits of entropy, which is to say, the person choosing the password has a comfortable vocabulary of 2^11 (2,048

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Kurt Buff
alphanumeric passwords pretty easy too. From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Wednesday, August 10, 2011 5:06 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall @ xkcd supposes each word in correct

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Andrew S. Baker
Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall @ xkcd supposes each word in correct horse battery staple has 11 bits of entropy, which is to say, the person choosing the password has a comfortable vocabulary of 2^11 (2,048) words from which he will pick four at random

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Jon Harris
://www.carlwebster.com/ From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Wednesday, August 10, 2011 5:06 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall @ xkcd supposes each word in correct horse battery staple has 11 bits of entropy, which

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Webster
, 2011 7:23 PM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords And, many apps *still* have limits on password length that hamper passwords above 10 or 12 characters. -ASB: http://about.me/Andrew.S.Baker Sent from my Motorola Droid On Aug 10, 2011 6:10 PM, Webster

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Jon Harris
To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords And, many apps *still* have limits on password length that hamper passwords above 10 or 12 characters. -ASB: http://about.me/Andrew.S.Baker Sent from my Motorola Droid On Aug 10, 2011 6:10

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Crawford, Scott
...@zetetic.net] Sent: Wednesday, August 10, 2011 5:06 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It looks like Randall @ xkcd supposes each word in correct horse battery staple has 11 bits of entropy, which is to say, the person choosing the password has

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Ben Scott
On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott crawfo...@evangel.edu wrote: Interesting. I’d like to understand how the bits of entropy are calculated though. As a rule of thumb, English has about one bit of entropy per character. (It's more complicated than that, of course, and figures

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread David Lum
...@carlwebster.com] Sent: Wednesday, August 10, 2011 5:49 PM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Most financial sites (many banks and investment sites [Vanguard, eTrade]) do not allow complex passwords! Carl Webster Consultant and Citrix Technology Professional

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Webster
]mailto:[mailto:asbz...@gmail.com] Subject: RE: Almost, but not quite OT: Passwords And, many apps *still* have limits on password length that hamper passwords above 10 or 12 characters.

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Crawford, Scott
:[mailto:webs...@carlwebster.com] Subject: RE: Almost, but not quite OT: Passwords Most financial sites (many banks and investment sites [Vanguard, eTrade]) do not allow complex passwords! Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Crawford, Scott
Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, August 10, 2011 7:22 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords I'm not going to argue the point too strongly, but building a short, complex password probably requires using a mental template of some sort. Perhaps

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread Crawford, Scott
Thanks for the info. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, August 10, 2011 8:07 PM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott crawfo...@evangel.edu wrote

Re: Almost, but not quite OT: Passwords

2011-08-10 Thread Kurt Buff
: Re: Almost, but not quite OT: Passwords I'm not going to argue the point too strongly, but building a short, complex password probably requires using a mental template of some sort. Perhaps the initial letters of a set of song titles, or addresses, or something like that. I

RE: Almost, but not quite OT: Passwords

2011-08-10 Thread James Hill
The overall answer is that eventually passwords have to go and other forms of authentication take over. ID10t proof options, if such a thing will ever exist. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 11 August 2011 7:06 AM To: NT System Admin Issues Subject: Almost, but