Subject: Re: AD and enforced password policies
On Jan 3, 2012, at 8:09 19AM, Greg Ihnen wrote:
On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote:
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at
02:16:38PM - Quoting Tim Franklin (t...@pelican.org):
There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you login without at least a client
certificate
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at
10:58:35PM -0600 Quoting Jimmy Hess (mysi...@gmail.com):
Manual forced immediate password expiration should be in the security
admin's toolbox as a possible response to observation of questionable or
potentially
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I would say 365 day expiration is a little long, 3 months is about
the average in a non financial oriented network.
If you force me to change
On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote:
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I would say 365 day expiration is a little long, 3 months is about
the average in a non
...@gmail.com wrote:
On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote:
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I would say 365 day expiration is a little long, 3 months is about
the average
On 01/03/2012 05:09 AM, Greg Ihnen wrote:
A side issue is the people who use the same password at fuzzykittens.com as they do at bankofamerica.com. Of course fuzzykittens doesn't need high security for their password management and storage. After all, what's worth stealing at fuzzykittens? All
On Jan 3, 2012, at 8:09 19AM, Greg Ihnen wrote:
On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote:
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I would say 365 day expiration is a little
On Tue, Jan 3, 2012 at 05:09, Greg Ihnen os10ru...@gmail.com wrote:
A side issue is the people who use the same password at fuzzykittens.com as
they do at bankofamerica.com. Of course fuzzykittens doesn't need high
security for their password management and storage. After all, what's
There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you login without at least a client
certificate and password/pin code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-pin
cards as
On Jan 2, 2012, at 8:45 PM, Steven Bellovin wrote:
Minimum Length : 8
Maximum Length : 12
Maximum Repeated Characters : 2
Minimum Alphabetic Characters Required : 1
Minimum Numeric Characters Required : 1
Starts with a Numeric Character
No User Name
fwiw, citibank in the states uses normal passwording for personal
accounts. but citibank business uses two-factor with a password
and a customized vasco digipass 270.
randy
additionally, etrade in the states has had 2-factor authentication
(RSA token) for over 8 or 9 years now.
it's one reasonable reason to stay with them.
t
On Tue, Jan 3, 2012 at 10:52 PM, Randy Bush ra...@psg.com wrote:
fwiw, citibank in the states uses normal passwording for personal
On Tue, Jan 3, 2012 at 2:44 AM, Måns Nilsson mansa...@besserwisser.orgwrote:
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I would say 365 day expiration is a little long, 3 months is
about
You would set those in users section of AD.
AD can be very quirky when it wants to.
Robert
- Original Message -
From: Jones, Barry bejo...@semprautilities.com
To: Nanog@nanog.org
Sent: Monday, January 02, 2012 3:27 PM
Subject: AD and enforced password policies
Hello all. Happy New
On Mon, Jan 2, 2012 at 2:27 PM, Jones, Barry bejo...@semprautilities.comwrote:
I have a requirement to enforce password policies on AD (a tacacs and
windows domain). I don't have a great deal of Windows AD knowledge - so a
newbie ;-) this is a little off topic, but I thought I'd ask...
This
expiration 24 history and
full complexity (via third party modules).
-- Blake
-Original Message-
From: Jimmy Hess [mailto:mysi...@gmail.com]
Sent: Monday, January 02, 2012 3:33 PM
To: Jones, Barry
Cc: Nanog@nanog.org
Subject: Re: AD and enforced password policies
On Mon, Jan 2, 2012 at 2
On Mon, Jan 2, 2012 at 22:32, Jimmy Hess mysi...@gmail.com wrote:
The sole root cause for easily guessable passwords is not lack of
technical restrictions. It's also: lazy or limited memory humans who need
passwords that they can remember.
Firstname1234! is very easy to guess, and
On Jan 2, 2012, at 7:05 PM, Gary Buhrmaster wrote:
On Mon, Jan 2, 2012 at 22:32, Jimmy Hess mysi...@gmail.com wrote:
The sole root cause for easily guessable passwords is not lack of
technical restrictions. It's also: lazy or limited memory humans who need
passwords that they can
I just went through some calculations for a (government) site that has the
following rules:
[...]
Under the plausible assumption that very many people will start with a string
of digits, continue with a string of lower-case letters to reach seven
characters,
and then add a period, there are
On Jan 2, 2012, at 9:10 PM, Lyndon Nerenberg wrote:
I just went through some calculations for a (government) site that has the
following rules:
[...]
Under the plausible assumption that very many people will start with a string
of digits, continue with a string of lower-case letters to
On Mon, Jan 2, 2012 at 8:16 PM, Steven Bellovin s...@cs.columbia.edu wrote:
On Jan 2, 2012, at 9:10 PM, Lyndon Nerenberg wrote:
OK -- let's let the set of punctuation be .,; and allow seven choices for
where
it goes. That increases the work factor by 21 -- still not that large a
space
for
22 matches
Mail list logo