If you wanted to make it even harder for a hacker, include at least one non-alphanumeric character like a !. This will take them longer to hack, for it increases the number of possible combinations.

[EMAIL PROTECTED] wrote:
>
> Just some insight into the problem, I read an article a few months ago that
> demonstrated that, by "guessing" with known popular usernames it would on
> average take a hacker less than 5 minutes to guess *someone's* password. If
> at least one user used a dictionary word for their password, then the hacker
> could be GUARANTEED to be able to guess a user password within 15 minutes.
>
> Once a hacker has gained user access, it's usually possible to gain
> administrator/root privileges, because there are frequently local
> utility/application flaws lying around unpatched that can be exploited.
>
> I wish I had snipped the article now to refer to it, but it does not take
> too much thinking with today's high speed processors and high bandwidth
> internet connections that such is feasible.
>
> This is not intended to be snippy, but I expect you have never had a server
> you are responsible for hacked, else you would not be quite so loose with
> password security rules.
>
> Terry Fielder
> Network Engineer
> Great Gulf Homes / Ashton Woods Homes
> [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> > Sent: Friday, March 22, 2002 11:45 AM
> > To: [EMAIL PROTECTED]
> > Subject: [CFTALKTor] password generation
> >
> > How to check for numbers has been answered. I am wondering why you are
> > forcing people to include numbers in their password.
> >
> > Given the number of login situations (including ATMs, etc) any of us have
> > to deal with in our lives (I have over a dozen for work alone), you have
> > to take into account how many passwords any one person can be expected to
> > memorize. Since the number of login situations will probably exceed the
> > number of passwords anyone can memorize, developers have an option of what
> > they are going to do to their users.
> >
> > You can be mean and include rules for passwords, which increases the
> > likelihood that this particular password will only be useful for one
> > application, and, as such, will be less likely to be memorized. Or, you
> > can have no rules for passwords and let the user look after their own
> > security.
> >
> > For the record, this is one of my pet peeves.
> >
> > ************************************
> > I'm creating a small util for generating a password, which is working
> > fine. What I'm having trouble doing is checking that the generated
> > password contains at least one number. I'm looking for a quick way to
> > check, rather than checking each character, which could be a problem.
> >
> > -
> > You are subscribed to the CFUGToronto CFTALK ListSRV.
> > This message has been posted by: [EMAIL PROTECTED]
> > To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
> > Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
> > This System has been donated by Infopreneur, Inc.
> > (http://www.infopreneur.net)

--
Cheers
Glenn Shukster (Logic Fundamentals Inc.)
Thornhill, Ont. Canada
Phone:(905)771-6458
Fax:(905)771-6819
www.logicfundamentals.com
President of TDUG www.tdug.com

-
You are subscribed to the CFUGToronto CFTALK ListSRV.
This message has been posted by: Glenn Shukster <[EMAIL PROTECTED]>
To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
This System has been donated by Infopreneur, Inc.
(http://www.infopreneur.net)
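
An added example, not code from this thread or from any of its posters: a Python sketch of the generator discussed above, which draws from a cryptographic random source, checks for a digit and a non-alphanumeric character in one pass each, and reports how much the larger alphabet grows the search space. The `SYMBOLS` set and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

LETTERS = string.ascii_letters
DIGITS = string.digits
SYMBOLS = "!@#$%^&*-_=+?"  # constructed symbol set (assumption, not from the thread)
POOL = LETTERS + DIGITS + SYMBOLS


def has_digit(password):
    """True if the password contains at least one number."""
    return any(c in DIGITS for c in password)


def has_symbol(password):
    """True if the password contains at least one non-alphanumeric character."""
    return any(not c.isalnum() for c in password)


def generate_password(length=12):
    """Return a random password containing a digit and a symbol.

    Candidates are drawn uniformly from POOL and rejected until both
    checks pass, so every compliant password is equally likely and the
    required characters do not sit in predictable positions.
    """
    if length < 2:
        raise ValueError("length must be at least 2 to hold a digit and a symbol")
    while True:
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        if has_digit(candidate) and has_symbol(candidate):
            return candidate


def keyspace_bits(alphabet_size, length):
    """Size of the search space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    for name, size in (("letters", 52), ("+ digits", 62), ("+ symbols", len(POOL))):
        print(f"{name:10s} {keyspace_bits(size, 12):5.1f} bits at length 12")
```
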
