Let's just drop the SG thing. I didn't mean to start a flame war. I don't like lockout attempt settings too low. On more occasions than I'd like to admit, I have used up multiple attempts because of a caps-lock issue or because I'm trying to get a valid password *from a different site* to work or something else silly. I think we're all id10ts at one time or another.
Doug Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace & Electronics -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, August 18, 2011 11:10 AM To: NT System Admin Issues Subject: Re: Why not failwords? On Thu, Aug 18, 2011 at 1:25 PM, Hilderbrand, Doug <[email protected]> wrote: > Why hasn't anyone implemented fail words? These are called "duress codes" and are commonly assigned for things like security alarms, locks (like your bank vault), etc. The key aspect of a duress code is that *it appears to succeed like the normal code would*. It notifies responders without alerting the point-of-use. They're intended to protect the person under duress. If the duress code refused entry (or acted like bad password, etc.), the attacker could harm the person under duress. If all the person under duress cares about is protecting the asset, they just refuse to enter any code and take the knife to the guts. Looking for common words as a trap against untargeted attacks is adds nothing; you should already be implementing lockout after a few failed attempts. Stop listening to GRC. While he's not a complete idiot, he's often misinformed, and Can't! Talk! About! Anything! Like! It's! Not! The! Most! Amazing! Thing! Ever!, even if what he's just "discovered" or "invented" has been well-known for decades. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -------------------------------------------------------------------------------- Check out the new Crane Aerospace & Electronics Newsroom! http://newsroom.craneae.com Like us on Facebook! http://www.facebook.com/home.php?#!/pages/Crane-Aerospace-Electronics/163305413682908 We value your opinion! How may we serve you better? Please click the survey link to tell us how we are doing: http://www.craneae.com/ContactUs/VoiceofCustomer.aspx Your feedback is of the utmost importance to us. Thank you for your time. -------------------------------------------------------------------------------- Crane Aerospace & Electronics Confidentiality Statement: The information contained in this email message may be privileged and is confidential information intended only for the use of the recipient, or any employee or agent responsible to deliver it to the intended recipient. Any unauthorized use, distribution or copying of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately and destroy the original message and all attachments from your electronic files. -------------------------------------------------------------------------------- ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
