That's always the balance security has to walk between what's safe and
what's usable.  But as Ben said, the more usable you make it, and the more
you allow for PEBKAC errors, the easier it is for it to be compromised.

I do the CAPS lock thing on occasion, or whatever too... but after that
first notification I pay attention to everything to be certain I don't lock
my account.  3 - 5 attempts should be more than adequate I think.

 - WJR


On Thu, Aug 18, 2011 at 13:24, Hilderbrand, Doug <
[email protected]> wrote:

> Let's just drop the SG thing. I didn't mean to start a flame war.
>
> I don't like lockout attempt settings too low. On more occasions than
> I'd like to admit, I have used up multiple attempts because of a
> caps-lock issue or because I'm trying to get a valid password *from a
> different site* to work or something else silly. I think we're all
> id10ts at one time or another.
>
>
> Doug Hilderbrand | Systems Analyst, Information Technology | Crane
> Aerospace & Electronics
>
> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Sent: Thursday, August 18, 2011 11:10 AM
> To: NT System Admin Issues
> Subject: Re: Why not failwords?
>
> On Thu, Aug 18, 2011 at 1:25 PM, Hilderbrand, Doug
> <[email protected]> wrote:
> > Why hasn't anyone implemented fail words?
>
>  These are called "duress codes" and are commonly assigned for things
> like security alarms, locks (like your bank vault), etc.  The key aspect
> of a duress code is that *it appears to succeed like the normal code
> would*.  It notifies responders without alerting the point-of-use.
> They're intended to protect the person under duress.
> If the duress code refused entry (or acted like bad password, etc.), the
> attacker could harm the person under duress.  If all the person under
> duress cares about is protecting the asset, they just refuse to enter
> any code and take the knife to the guts.
>
>  Looking for common words as a trap against untargeted attacks adds
> nothing; you should already be implementing lockout after a few failed
> attempts.
>
>   Stop listening to GRC.  While he's not a complete idiot, he's often
> misinformed, and Can't!  Talk!  About!  Anything!  Like!  It's!  Not!
> The!  Most!  Amazing!  Thing!  Ever!, even if what he's just
> "discovered" or "invented" has been well-known for decades.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
>
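
Added example, not part of the original thread: a minimal sketch of the duress-code behaviour Ben describes (the result visible at the point-of-use is identical to the normal code while responders are notified out of band), combined with failed-attempt lockout. The `Panel` class, the sample codes and the threshold of 5 are assumptions for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5  # assumed threshold, upper end of the 3 - 5 range suggested in the thread


def _digest(code: str, salt: bytes) -> bytes:
    # Store and compare salted derivations, never the codes themselves.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class Panel:
    """Hypothetical access panel: one normal code, one duress code, lockout."""

    def __init__(self, normal: str, duress: str):
        self.salt = os.urandom(16)
        self.normal = _digest(normal, self.salt)
        self.duress = _digest(duress, self.salt)
        self.failures = 0
        self.silent_alerts = []  # stands in for an out-of-band channel to responders

    def enter(self, code: str) -> dict:
        """Return only what the person at the point-of-use is allowed to see."""
        if self.failures >= MAX_FAILURES:
            # Locked: even a correct code is refused until an admin resets (not modelled).
            return {"granted": False, "message": "locked out"}
        attempt = _digest(code, self.salt)
        # Run both constant-time comparisons every time so timing does not
        # reveal which of the two codes matched.
        is_normal = hmac.compare_digest(attempt, self.normal)
        is_duress = hmac.compare_digest(attempt, self.duress)
        if is_normal or is_duress:
            self.failures = 0
            if is_duress:
                self.silent_alerts.append("duress code used")  # never shown locally
            return {"granted": True, "message": "welcome"}
        self.failures += 1
        return {"granted": False, "message": "bad code"}
```

A fail word that denied entry would differ from this only in the response returned for the duress branch, and that visible difference is exactly what the duress design avoids.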
