A trick we used to use (many years ago) was that after 3 bad tries NO password would work, even the right one.
No additional error message, it just let you keep on trying. On Fri, Aug 12, 2011 at 2:15 PM, Ben Schorr <[email protected]> wrote: > Length is more important than complexity, no doubt. While it’s good to have > mixed case and numbers and symbols the fact that you COULD is enough to > force any brute force attack to check for it.**** > > ** ** > > And, frankly, any system that will allow 1,000 passwords a second to be > thrown at it without locking the account or alerting an admin has a serious > problem.**** > > ** ** > > Ben M. Schorr**** > > Roland Schorr & Tower**** > > www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr**** > > ** ** > > *From:* andy [mailto:[email protected]] > *Sent:* Friday, August 12, 2011 12:00 > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > huh.. just tried something similar to one of my passwords, all lowercase, > all letters, of course my real password has a couple of numbers in it. > > 780 quintillion years > > 20 character password all lowercase - 97billion years > 11character password all lowercase 314 years > huh... the password -- 0987654321aaaaaa -1 billion years > aaaaaaaaaaaa - 12 years to hack > > so much for the password rules. > > then again my password would not work on a unix system. Are unix systems > still only 8 characters. > it looks like any 8 character password can be hacked in less than a week. > > > At 11:00 AM 8/11/2011, Kennedy, Jim wrote: > > **** > > Good point, I just got phished. > > *From:* Gary Slinger [ mailto:[email protected]<[email protected]>] > > *Sent:* Thursday, August 11, 2011 10:57 AM > *To:* NT System Admin Issues > *Subject:* Re: Almost, but not quite OT: Passwords > > It wasn't one of my current 'real' passwords. I'm not putting one of those > in on a site I don't know. **** > ------------------------------ > > *From: *"Kennedy, Jim" <[email protected]> > *Date: *Thu, 11 Aug 2011 10:46:08 -0400 > *To: *NT System Admin Issues<[email protected]> > *ReplyTo: *"NT System Admin Issues" <[email protected] > > > *Subject: *RE: Almost, but not quite OT: Passwords > > Buwhahahah…. 124 thousand years. > > *From:* Gary Slinger [ mailto:[email protected]<[email protected]>] > > *Sent:* Thursday, August 11, 2011 10:45 AM > *To:* NT System Admin Issues > *Subject:* Re: Almost, but not quite OT: Passwords > > With one special character, 15 years. Without it, 4 days. Interesting. *** > * > ------------------------------ > > *From: *"Martin Blackstone" <[email protected]> > *Date: *Thu, 11 Aug 2011 07:19:59 -0700 > *To: *NT System Admin Issues< [email protected]> > *ReplyTo: *"NT System Admin Issues" <[email protected] > > > *Subject: *RE: Almost, but not quite OT: Passwords > > I got one year. > > *From:* Shauna Hensala [ mailto:[email protected] <[email protected]>] > *Sent:* Thursday, August 11, 2011 7:16 AM > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords > > Have your users go here: http://www.howsecureismypassword.net/ > and enter their password to see how long it would take to crack. A fun > little exercise. > > [image: Description: Red rose]Shauna Hensala**** > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: Almost, but not quite OT: Passwords > Date: Thu, 11 Aug 2011 13:43:08 +0000 > I changed my bed linens at the beginning of each semester whether they > needed changing or not. J > > > Carl Webster > Consultant and Citrix Technology Professional > http://www.CarlWebster.com <http://www.carlwebster.com/> > > > *From:* Crawford, Scott [ mailto:[email protected]<[email protected]>] > > *Sent:* Thursday, August 11, 2011 8:32 AM > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords > > nice. > > Reminds me of an old roommate, "I clean the shower every six months whether > it needs it or not." > > Sent from my Palm Pre on the Now Network from Sprint > **** > ------------------------------ > > On Aug 11, 2011 7:42 AM, Webster <[email protected] > wrote: > I change my passwords religiously every 7 years. > > Carl Webster > Consultant and Citrix Technology Professional > http://www.CarlWebster.com <http://www.carlwebster.com/> > > > *From:* Gasper, Rick [ mailto:[email protected] <[email protected]>] > > *Subject:* RE: Almost, but not quite OT: Passwords > > Crap…I now have to change my password again… > > *From:* Jon Harris [ mailto:[email protected] <[email protected]>] > *Subject:* Re: Almost, but not quite OT: Passwords > > If the in-house team ever got a round to it both could be kept happy but > using something like "Horses like 2 fly, like bugs like to be stepped on!" > Complex and easy to remember. How long would that take for a brute force > attack or a dictionary attack to get the password? > > FYI that is NOT one of my passwords! > > Jon > On Wed, Aug 10, 2011 at 6:10 PM, Webster <[email protected] > wrote: > Because the security team and or auditor are simply following a check > list. Complex passwords required – check. My job is done. > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > Content-Type: image/gif; > name="image001.gif" > Content-Description: image001.gif > Content-Disposition: inline; > Content-ID: <[email protected]>**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > -- G. Waleed Kavalec __________________ Remember Remember this Coming November The Debt Crisis Treason and Plot I know of No Reason the Republican Treason Should EVER be Forgot ! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
