I've been listening on a number of lists, and there are a couple of things to consider, the second one of which I am evaluating for bogosity:
1) Pass The Hash attacks. http://oss.coresecurity.com/pshtoolkit/doc/index.html

2) Long passphrases are considered by some to be not much better than relatively short passwords. The reasoning is thus: each word can be considered a token, and the number of tokens is usually fairly small - less than the number of letters in a longish password, frequently.

I find the second one a bit eccentric - after all, punctuation in the middle of the sentence, and numbers almost anywhere in it, will definitely skew the complexity to the right quite a bit. Worthy of some more thought, however....

Kurt

On Thu, Apr 15, 2010 at 14:49, David Lum <[email protected]> wrote:
> Fortunately I have more than 60 days for each password (errr, passphrase
> Sherry!). What gets screwy is when I hop from network to network since I
> don’t use the same ones everywhere. My first long passwords were “This
> password is hard to guess” then changed to “This password is harder to
> guess”, “This password is even harder to guess”, LOL.
>
> I heard somewhere that dictionary attacks can figure out phrases, anyone
> able to shed any light on that? I do substitute letters with numbers/symbols
> on occasion but not everywhere.
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
>
> From: Brian Clark [mailto:[email protected]]
> Sent: Thursday, April 15, 2010 2:09 PM
> To: NT System Admin Issues
> Subject: Re: please don't change your password!
>
> Funny ones at that! Question is how often do you have to re-enter them, as
> your tying is so good! ;)
>
> On 15 April 2010 22:03, Sherry Abercrombie <[email protected]> wrote:
>
> Actually, those are considered pass-phrases I do believe. ;)
>
> On Thu, Apr 15, 2010 at 3:57 PM, David Lum <[email protected]> wrote:
>
> I am very good at long “passwords”, and so is anyone that can type using
> correct punctuation. The biggest hindrance to long password use are systems
> that limit the length of the password.
>
> Examples of complex long passwords include:
>
> I would like a beer from the refrigerator. Now.
> Why don’t you close the door ALL the way?
> You’re not wearing that outside, are you?
> The person watching me can’t believe how long this password is.
>
> And when it’s time to change the long password:
>
> I would REALLY like a beer from the refrigerator. Now!
> Why don’t you close the door ALL the way next time?
> You’re not wearing that outside, are you? Seriously?
> The person watching me really can’t believe how long this password is.
>
> Etc…
>
> I love how big people's eyes get when they see my tying in my 27 character
> Windows password, I HATE the systems that limit me to 15 or less.
>
> Dave
>
> From: Jon Harris [mailto:[email protected]]
> Sent: Thursday, April 15, 2010 1:45 PM
> To: NT System Admin Issues
> Subject: Re: please don't change your password!
>
> Sounds like someone trying to generate reader interest and FUD. A quick
> search seems he likes controversial subjects/items. Since passwords are the
> de facto standard for most Internet sites for protection of customers. I see
> no reason for someone to keep the same password for ever. Unless you are
> good at generating very long complex passwords.
>
> Jon
>
> On Thu, Apr 15, 2010 at 4:37 PM, Brian Clark <[email protected]>
> wrote:
>
> After a long week doing a SBS migration I didn't know how to take this
> article and needed to share it!!
>
> http://www.boston.com/bostonglobe/ideas/articles/2010/04/11/please_do_not_change_your_password/?page=1
>
> Brian
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
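Added example, not part of the thread: a small estimator that puts numbers on the "each word is a token" argument in point 2, and on the effect of punctuation and digits. The word-list size, case variants and symbol count are assumed model parameters, and the sample phrases are constructed variants of one quoted above.

```python
import math
import re

# Assumed attacker-model parameters (illustrative, not measured):
WORDLIST_SIZE = 20_000  # common-word dictionary the guesser draws from
CASE_VARIANTS = 3       # lower, Capitalised, UPPER
PUNCT_SYMBOLS = 32      # ASCII punctuation marks
PRINTABLE = 95          # printable ASCII, for the per-character model

# A token is a word (apostrophes allowed), a digit run, or one symbol.
TOKEN_RE = re.compile(r"[A-Za-z'’]+|\d+|[^\sA-Za-z\d'’]")


def tokenize(phrase):
    return TOKEN_RE.findall(phrase)


def char_model_bits(phrase):
    """Naive estimate: every character is an independent printable."""
    return len(phrase) * math.log2(PRINTABLE)


def token_model_bits(phrase):
    """Token estimate: a word is one dictionary pick, however long it is."""
    bits = 0.0
    for tok in tokenize(phrase):
        if tok.isdigit():
            bits += len(tok) * math.log2(10)      # each digit is a free choice
        elif tok[0].isalpha() or tok[0] in "'’":
            bits += math.log2(WORDLIST_SIZE * CASE_VARIANTS)
        else:
            bits += math.log2(PUNCT_SYMBOLS)      # one punctuation mark
    return bits


def equivalent_random_length(phrase):
    """Length of a random printable password with the same token-model bits."""
    return token_model_bits(phrase) / math.log2(PRINTABLE)


if __name__ == "__main__":
    # Constructed variants of a phrase quoted in the thread.
    for p in ("This password is hard to guess",
              "This password is hard to guess!",
              "This password, is hard 2 guess!"):
        print(f"{len(p):2d} chars  char={char_model_bits(p):6.1f}b  "
              f"token={token_model_bits(p):6.1f}b  "
              f"~{equivalent_random_length(p):4.1f} random chars")
```

The token figure is still an upper bound, because it treats every word as an independent random pick; a grammatical sentence is more predictable than that.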
