http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/ Commentary on the State of Information Security Thu, 02 Feb 2012 20:22:19 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/comment-page-1/#comment-868 Infosecuritylab Mon, 18 Sep 2006 11:15:51 +0000 http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/#comment-868 Password is very important because in nowadays password is our virtual key, and choose safe password is choose safe key for your information!!! Password is very important because in nowadays password is our virtual key, and choose safe password is choose safe key for your information!!!

]]> http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/comment-page-1/#comment-143 An Information Security Place » Blog Archive » The Mutli-Factor authentication’s relationship to SSO Wed, 02 Aug 2006 04:40:35 +0000 http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/#comment-143 [...] I posted a few days ago about the password length vs complexity vs. multi-factor authentication debate.  One of the assertions I made was that it is essential to tie in SSO with multi-factor authentication.  Now, I did not assert in my post that SSO makes multi-factor authentication more secure as Chris Hoff says I did in his post.  However, that was a point I wanted to make, so I am not quite sure why I didn’t do it.  So, without further hesitation, I now officially contend that it does make a system more secure in many ways.  SO, let’s look at them: [...] [...] I posted a few days ago about the password length vs complexity vs. multi-factor authentication debate.  One of the assertions I made was that it is essential to tie in SSO with multi-factor authentication.  Now, I did not assert in my post that SSO makes multi-factor authentication more secure as Chris Hoff says I did in his post.  However, that was a point I wanted to make, so I am not quite sure why I didn’t do it.  So, without further hesitation, I now officially contend that it does make a system more secure in many ways.  SO, let’s look at them: [...]

]]> http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/comment-page-1/#comment-141 An Information Security Place » Blog Archive » Today’s Security Tip: Password Cracking Tue, 01 Aug 2006 21:05:43 +0000 http://infosecplace.com/blog/2006/07/28/password-length-vs-complexity-vs-getting-rid-of-the-darn-things/#comment-141 [...] I recently posted about password length vs. complexity vs. two-factor authentication.  But passwords will be around for quite a while, so what are some of the things security professionals can do to keep passwords up to snuff?  One of the ways is obviously to enforce password length and complexity, but politics don’t always let that happen.  So many security shops simply have to set policy and and then try to enforce it as best they can.  But how do you do that?  Two words: password cracker.  Once you crack the passwords and determine the ones out of policy, then you go smack the user upside the head with the rolled-up policy, then make ‘em change the password. [...] [...] I recently posted about password length vs. complexity vs. two-factor authentication.  But passwords will be around for quite a while, so what are some of the things security professionals can do to keep passwords up to snuff?  One of the ways is obviously to enforce password length and complexity, but politics don’t always let that happen.  So many security shops simply have to set policy and and then try to enforce it as best they can.  But how do you do that?  Two words: password cracker.  Once you crack the passwords and determine the ones out of policy, then you go smack the user upside the head with the rolled-up policy, then make ‘em change the password. [...]

]]>