Social Engineering and the proper storage of passwords can only be mitigated by education.
I'm actually quite fond of the idea of a company-wide Change-Your-Password-Day. It would set the stage for a lesson that could be shared and driven home with some amount of ceremony, making the lesson much more memorable.

I'd include such tips as "Why, yes, it really *is* a good idea to write down your password - as long as you keep it on your person" and "Please choose a password that is really a full sentence, with spaces, punctuation, capitalization, and even a number if you can."

Kurt

On Dec 27, 2007 8:24 AM, Ziots, Edward <[EMAIL PROTECTED]> wrote:
> Yep,
>
> I find myself in a similar circumstance, password length/complexity vs having
> users forget them or write them down which leads to the good old Social
> Engineering attacks as such forth.
>
> Z
>
> -----Original Message-----
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 27, 2007 11:22 AM
> To: NT System Admin Issues
> Subject: Re: Audit recommendation
>
> On 12/27/07, Ziots, Edward <[EMAIL PROTECTED]> wrote:
> > Kurt,
> >
> > I don't know if you are being serious on this or not, but I am sure you are
> > going to run into a boatload of issues with trying to implement that type of
> > standard.
>
> Yes - there are always cultural issues surrounding this. However,
> there are ways to manage that. For instance, I've heard of one small
> company that makes it a company-wide event - password changing day.
>
> > Passwords anymore are passé, it's the weakest form of authentication and
> > easiest to crack. Honestly, if you want to increase the level of security
> > at your company I would be looking into 2-factor authentication systems like
> > smart-cards, proximity cards or otherwise.
>
> In theory, I agree. However, the front-end costs are not small, and
> it's unlikely, at least in my company, that I could sell it.
>
> Far easier to sell long passwords.
>
> Kurt
