It seems to me that just limiting the number of password attempts is a lot more effective at stopping brute force than a complex password...
On Thu, Oct 26, 2017 at 9:31 AM, <[email protected]> wrote: > Kaspersky says that if you had an old XT from the 1980s, an 8 character > password can be brute forced in 43 years. > > With a 2012 Mac Book Pro, 12 days, > > With a botnet, 51 seconds, > > With a supercomputer 1 second. > > I guess it depends on what you envision the bad guy having. > > *From:* Brett A Mansfield > *Sent:* Thursday, October 26, 2017 7:33 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] Sonar password requirements too strict? > > A appreciate your opinion, but I disagree. > > Thank you, > Brett A Mansfield > > On Oct 26, 2017, at 6:58 AM, Mike Hammett <[email protected]> wrote: > > 8 characters is never enough. > > The size of your organization is irrelevant. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Brett A Mansfield" <[email protected]> > *To: *[email protected] > *Sent: *Thursday, October 26, 2017 7:56:46 AM > *Subject: *Re: [AFMUG] Sonar password requirements too strict? > > I don’t like password managers. They make logging into things take > forever. Also, I haven’t found one for Mac that I like. > > I was first talking about my password when setting it up. It doesn’t > matter if it is customer facing or my admin password, I should be able to > choose my level of security. An 8 character password is secure enough for > me and my small organization. > > But customer passwords certainly need to be easier and more relaxed. > > Thank you, > Brett A Mansfield > > On Oct 26, 2017, at 1:28 AM, Ryan Ray <[email protected]> wrote: > > I just realized you were talking about customer facing passwords, which > absolutely should be somewhat easy as people seem to be pretty blase' about > their password security, but anyone with a lick of tech knowledge should be > using a password manager with a random long password for every site. I use > 1password which has apps for Windows, osx, ios, android and browser > extensions. Then every password is as long as the site will let me with > random characters. > > On Wed, Oct 25, 2017 at 6:13 PM, Brett A Mansfield < > [email protected]> wrote: > >> Oh no, admin password should be very strong. But I am just barely playing >> with this for the first time and I didn’t know they made it so you can >> change the requirements. I’m quite impressed with sonar so far. It looks >> like it will take a very long time to setup because of how many features >> there are. >> >> Thank you, >> Brett A Mansfield >> >> On Oct 25, 2017, at 7:03 PM, Chuck McCown <[email protected]> wrote: >> >> Oh, for the customers. That is a different kettle of pickles. I agree, >> customer passwords can be less secure in my opinion. >> I thought you were talking about your admin password. >> >> *From:* Brett A Mansfield >> *Sent:* Wednesday, October 25, 2017 6:50 PM >> *To:* [email protected] >> *Subject:* Re: [AFMUG] Sonar password requirements too strict? >> >> I can tell already that it will be a serious challenge. I have a lot of >> customers that will be calling me just to complain that they cannot get >> into their account because the password requirements are too strict and >> they forgot their password again. >> >> Should I not be able to choose my own password requirements? >> >> Thank you, >> Brett A Mansfield >> >> On Oct 25, 2017, at 6:37 PM, Mike Hammett <[email protected]> wrote: >> >> Absolutely not. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> *From: *"Brett A Mansfield" <[email protected]> >> *To: *[email protected] >> *Sent: *Wednesday, October 25, 2017 7:32:07 PM >> *Subject: *[AFMUG] Sonar password requirements too strict? >> >> Anyone here that uses sonar find the password requirements to be too >> strict? 12 character requirement. >> >> When it comes to passwords, I should get to choose any password I want >> when I’m paying someone for a service. I have the same issue with Apples >> new stuff. >> >> I just spun up a new instance of sonar to try it out. I haven’t even >> passed the password change screen yet and I think I’ve already decided to >> cancel. >> >> Thank you, >> Brett A Mansfield >> >> >> > > > >
