I'd say pretty much everything is becoming a computing environment. I guess I'm saying that whether implemented or not maybe failwords need to be built in from the ground up.
To enable the user who has access to the multi-million dollar stock account to use a failword, the infrastructure would need to be there for the little guy like me. At the local hardware/big box store 5 tries and you're out is fine. Maybe not at the bank. Are we so fixated on low hanging fruit that we can't set our sights any higher? I've never found that "we've always done it that way" was a good reason for anything. By itself. I do realize that inertia is a force of nature.

Doug Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace & Electronics
Work: 425-743-8172 | Mobile: 425-835-DOUG(3684)

-----Original Message-----
From: Harry Singh [mailto:[email protected]]
Sent: Thursday, August 18, 2011 11:52 AM
To: NT System Admin Issues
Subject: Re: Why not failwords?

I could be missing your objective here, but could you explain how would this work in a computing environment? You use the *h@rd3r* password on relatively sensitive websites (banks, corporate login, email etc) and use your failword for everything else? Would you expect, as an example, an AD database to store two sets of passwords? And if brute force occurs the weaker password (failword) is obtained and subsequently used triggering a security event?

I could be missing the efficacy of using a failword in a computing environment entirely.

Cheers,
Harry

On Thursday, August 18, 2011, William Robbins <[email protected]> wrote:
> That's always the balance security has to walk between what's safe and
> what's usable. But as Ben said, the more usable you make it and allowing for
> PEBKAC errors, the easier it is for it to be compromised.
>
> I do the CAPS lock thing on occasion, or whatever too...but after that first
> notification I pay attention to everything to be certain I don't lock my
> account. 3 - 5 attempts should be more than adequate I think.
> - WJR
>
> On Thu, Aug 18, 2011 at 13:24, Hilderbrand, Doug
> <[email protected]> wrote:
>
> Let's just drop the SG thing. I didn't mean to start a flame war.
>
> I don't like lockout attempt settings too low. On more occasions than
> I'd like to admit, I have used up multiple attempts because of a
> caps-lock issue or because I'm trying to get a valid password *from a
> different site* to work or something else silly. I think we're all
> id10ts at one time or another.
>
> Doug Hilderbrand | Systems Analyst, Information Technology | Crane
> Aerospace & Electronics
>
> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Sent: Thursday, August 18, 2011 11:10 AM
> To: NT System Admin Issues
> Subject: Re: Why not failwords?
>
> On Thu, Aug 18, 2011 at 1:25 PM, Hilderbrand, Doug
> <[email protected]> wrote:
>> Why hasn't anyone implemented fail words?
>
> These are called "duress codes" and are commonly assigned for things
> like security alarms, locks (like your bank vault), etc. The key
> aspect of a duress code is that *it appears to succeed like the normal
> code would*. It notifies responders without alerting the point-of-use.
> They're intended to protect the person under duress.
> If the duress code refused entry (or acted like bad password, etc.),
> the attacker could harm the person under duress. If all the person
> under duress cares about is protecting the asset, they just refuse to
> enter any code and take the knife to the guts.
>
> Looking for common words as a trap against untargeted attacks
> adds nothing; you should already be implementing lockout after a few
> failed attempts.
>
> Stop listening to GRC. While he's not a complete idiot, he's often
> misinformed, and Can't! Talk! About! Anything! Like! It's! Not!
> The! Most! Amazing! Thing! Ever!, even if what he's just
> "discovered" or "invented" has been well-known for decades.
>
> -- Ben
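A sketch of the duress-code behaviour described in the thread above, added here as an illustration and not part of the original messages: the account stores two salted hashes, the duress password returns the same result as the normal one while recording a silent alert, and lockout applies after a few failed attempts. The class names, the in-memory alert list and the sample passwords are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; neither credential is stored in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Constructed account record holding two credential hashes."""
    def __init__(self, password: str, duress_password: str, max_failures: int = 5):
        if password == duress_password:
            raise ValueError("duress password must differ from the normal one")
        self.salt = os.urandom(16)
        self.pw_hash = _derive(password, self.salt)
        self.duress_hash = _derive(duress_password, self.salt)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

class Authenticator:
    def __init__(self):
        self.alerts = []  # stand-in for a silent channel to responders

    def login(self, user: str, account: Account, attempt: str) -> str:
        if account.locked:
            return "denied"
        digest = _derive(attempt, account.salt)
        # Run both constant-time comparisons on every attempt so timing
        # does not reveal which credential matched.
        normal = hmac.compare_digest(digest, account.pw_hash)
        duress = hmac.compare_digest(digest, account.duress_hash)
        if normal or duress:
            account.failures = 0
            if duress:
                self.alerts.append((user, "duress"))  # caller sees no difference
            return "granted"
        account.failures += 1
        if account.failures >= account.max_failures:
            account.locked = True
            self.alerts.append((user, "lockout"))
        return "denied"

if __name__ == "__main__":
    auth = Authenticator()
    acct = Account("constructed-normal-pw", "constructed-duress-pw")
    print(auth.login("doug", acct, "constructed-duress-pw"), auth.alerts)
```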
