Re: strong passwords
From: Herb Martin (news_at_LearnQuick.com)
Date: 01/19/05
- Next message: BCE: "Re: Is there a way to automatically add new users to groups..........."
- Previous message: Steven Dytiuk: "Re: Group Policy Errors"
- In reply to: Ryan Hanisco: "Re: strong passwords"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: strong passwords"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 19 Jan 2005 17:14:09 -0600
"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
news:Os7v6Tn$EHA.2788@TK2MSFTNGP15.phx.gbl...
> 10-20 seconds?? That's a bit quick, but I completely believe you. Maybe
> you hang out with a tougher crowd than I do?
>
> I have seen a user forget a 6 character password in 10-20 seconds though.

Heck, *I* have forgotten a 5 character password,
but after a bit of training they can be taught to
remember 15+ characters.

This forgetting is one of the reasons I am willing
to let them keep a password longer (than some
other admins) -- IF they have a strong password,
AND IF they do not expose it to others then it
will remain secure longer than a short password
under attack.

Also, short passwords are MUCH easier for a
lurker to extract by watching over someone's
shoulder -- which users should be taught to
avoid.

In fact, users should be taught to give their
password to NO ONE and that it is
politeness to turn away when someone types
a password.

--
Herb Martin

>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> PS: Hello to Herb and Cary from the frozen tundra of Chicago. I hope your
> days are warmer than mine.
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:%23Y4uirQ$EHA.3368@TK2MSFTNGP15.phx.gbl...
> > I also would say that trying for secure passwords
> > shorter than 15 characters is a futile effort.
> >
> > I have personally seen 14 character, semi-complex
> > passwords broken in 10-20 seconds on demand.
> >
> > --
> > Herb Martin
> >
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news:ublViJP$EHA.2156@TK2MSFTNGP10.phx.gbl...
> > > Flavio,
> > >
> > > In addition to what Ryan and Herb ( Howdy, Guys! ) have stated I would
> > > suggest that you have a minimum password age of at least 10 days. Why?
> > > Because without a minimum password age your smarter users will quickly
> > > find out that they can change their password xx number of times ( in your
> > > case, 14 ) in rapid succession to get back to their favorite password.
> > > Thus, your password policy will not really be that effective. With 10
> > > days as the minimum password age most - hopefully all! - users will have
> > > given up!
> > >
> > > I would also suggest that you contact the MS PSS and get the fix ( for
> > > free ) and install it on all of your computers ( Domain Controllers,
> > > Member Servers, Workstations ) as your users will most likely NOT come up
> > > with a password that will meet the complexity requirements. This will
> > > result in an error message that is quite generic and not very
> > > informative. With this hot fix the users will be given an error message
> > > that spells out exactly what they need to do ( assuming that they read
> > > it! ).
> > >
> > > Here is the link:
> > >
> > > http://support.microsoft.com/?id=821425
> > >
> > >
> > > You might also want to take a look at this MSKB Article:
> > >
> > > http://support.microsoft.com/?id=309799
> > >
> > > --
> > > Cary W. Shultz
> > > Roanoke, VA 24014
> > > Microsoft Active Directory MVP
> > >
> > > http://www.activedirectory-win2000.com
> > > http://www.grouppolicy-win2000.com
> > >
> > >
> > > "Flavio Alves" <FlavioAlves@discussions.microsoft.com> wrote in message
> > > news:3454A86B-CEC4-4463-969F-C0A302B86C69@microsoft.com...
> > > > In my company, we are applying strong passwords and I have the
> > > > following configuration:
> > > > - enforce password history = 12
> > > > - maximum password age = 90 days
> > > > - minimum password age = 0
> > > > - minimum password length = 6
> > > > - password must meet complexity ... = disable
> > > > - store passwords using .... = disable
> > > > Now, after the changes, it will be as follows:
> > > > - enforce password history = 14
> > > > - maximum password age = 45 days
> > > > - minimum password age = 0
> > > > - minimum password length = 8
> > > > - password must meet complexity ... = enable
> > > > - store passwords using .... = disable
> > > >
> > > > What's the impact in my environment that will occur with all
> > > > workstations in my company?
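
As an added example (not part of the original posts), the script below audits a password policy against the advice given in this thread. It assumes the policy is available as the `[System Access]` section of a `secedit /export` file; the sample text is constructed from the proposed settings in the thread, and the thresholds, finding codes and function names are assumptions made for the illustration.

```python
import configparser

# Constructed sample: [System Access] as found in a `secedit /export` file,
# filled in with the "after" values proposed in the thread (not a real export).
PROPOSED_INF = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 45
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 14
NewAdministratorName = "Administrator"
"""

# Audit targets taken from the replies in the thread (assumed as thresholds).
MIN_AGE_DAYS = 10   # Cary Shultz: minimum password age of at least 10 days
MIN_LENGTH = 15     # Herb Martin: under 15 characters is a futile effort

KEYS = ("MinimumPasswordAge", "MaximumPasswordAge", "MinimumPasswordLength",
        "PasswordComplexity", "PasswordHistorySize")

def load_policy(inf_text):
    """Return the numeric password settings from a secedit-style INF string."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str          # keep the keys' original case
    parser.read_string(inf_text)
    section = parser["System Access"]
    # Missing keys default to 0; other keys in the section are ignored.
    return {key: section.getint(key, fallback=0) for key in KEYS}

def audit(policy):
    """Return (code, message) findings for settings the thread warns about."""
    findings = []
    history, min_age = policy["PasswordHistorySize"], policy["MinimumPasswordAge"]
    if history > 0 and min_age < MIN_AGE_DAYS:
        findings.append(("MIN_AGE", f"{history} remembered passwords can be "
                         f"cycled in {history * min_age} days"))
    if policy["MinimumPasswordLength"] < MIN_LENGTH:
        findings.append(("LENGTH", f"minimum length "
                         f"{policy['MinimumPasswordLength']} < {MIN_LENGTH}"))
    if policy["PasswordComplexity"] != 1:
        findings.append(("COMPLEXITY", "complexity requirement is disabled"))
    return findings

if __name__ == "__main__":
    for code, message in audit(load_policy(PROPOSED_INF)):
        print(code, message)
```
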