Passwords May Be Weakest Link
blankmange writes "ZDNet is carrying a piece on network security and employee passwords: "When a regional health care company called in network protection firm Neohapsis to find the vulnerabilities in its systems, the Chicago-based security company knew a sure place to look. Retrieving the password file from one of the health care company's servers, the consulting firm put "John the Ripper," a well-known cracking program, on the case. While well-chosen passwords could take years--if not decades--of computer time to crack, it took the program only an hour to decipher 30 percent of the passwords for the nearly 10,000 accounts listed in the file." Sounds like enforced password formats and mandatory changing of passwords would help, but how many companies actually make them policy and enforce it?"
Passwords May Be Weakest Link
And in other news, "The Earth May Not Be Flat".
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
damnit
--
pants ahoy
Passwords, you are the weakest link... Goodbye!
...secure passwords are usually difficult to remember. Thus users tend to use the month (05 for May, etc.) for the mandatory digits, and sometimes cusswords to vent their frustration at the secure password policy. Also, it's not too difficult to find sticky notes with obscure strings a la "h0tgr1tz99" stuck on people's monitors. Hmmmm, wonder what that could mean?
Sources: interviews and sticky notes on monitors
--
martin
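The pattern described in the comment above (dictionary words with character substitutions and month digits pass an enforced format yet stay guessable), sketched as a check a password-change hook could run. This is an added example, not part of the original thread; the wordlist, substitution table and function names are assumptions constructed for illustration.

```python
import re

# Constructed mini wordlist; a real check would load a large dictionary.
WORDS = {"password", "summer", "welcome", "hot", "grits"}

# Substitutions people use to satisfy "must contain a digit/symbol" rules.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "z": "s"})
MONTHS = {f"{m:02d}" for m in range(1, 13)}


def meets_composition_rules(pw):
    """A typical enforced format: 8+ characters with a letter and a digit."""
    return bool(len(pw) >= 8 and re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw))


def _is_word_concat(s):
    """True if s is empty or splits entirely into words from WORDS."""
    return s == "" or any(
        s.startswith(w) and _is_word_concat(s[len(w):]) for w in WORDS)


def predictable_reason(pw):
    """Return why pw is guessable despite its format, or None if no pattern hits."""
    if pw.isdigit():
        return "all numeric"
    stem = pw.rstrip("0123456789!#%^&*.?")   # drop appended digits/punctuation
    suffix = pw[len(stem):]
    low = stem.lower()
    for cand in (low, low.translate(LEET)):
        if cand and _is_word_concat(cand):
            reason = f"dictionary words '{cand}' plus suffix '{suffix}'"
            if re.sub(r"\D", "", suffix) in MONTHS:
                reason += " (month digits)"
            return reason
    return None


if __name__ == "__main__":
    # Constructed samples, plus the sticky-note string quoted in the comment.
    for pw in ("h0tgr1tz99", "Summer05!", "123456789", "kT9#vq2LmX7p"):
        print(pw, meets_composition_rules(pw), predictable_reason(pw))
```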
...every 39 days, and it remembers an ungodly number of old ones, so you can't recycle. I don't have enough kids to come up with that many passwords.
I am not your blowing wind, I am the lightning.
But that's not always a problem. In some situations, where outsiders don't wander round offices, this can be a good technique. If the office is "secure", writing down passwords is fine. This can certainly be put to good effect in the home.
Post-its stuck to monitors might not be the best place to write them down, I grant you.
This makes me so MAD! I mean, why can't people take their security seriously? It's not that hard to sit down one day and make up a few difficult passwords and memorize them. For example, I use one of
ekk4H$2drPr3Q,
Ltc4buX126w, and
7ydEX92aSz3UIo
for 90% of my passwords. Then all you have to do is not tell anyone about them. They're not hard to remember anymore, and it really wasn't that difficult to begin with. Sheesh, morons.
Not really. I once worked (as a contractor) with a prima donna / hot shot who thought he was the side the bread was buttered on (or something like that). Anyway, he left in a huff of wounded genius one day (someone had the audacity to challenge his expense report, IIRC). I had noticed a few months back that 1) his password was all numeric and 2) he typed it in a 3-2-4 pattern. After he was gone & everyone was in a panic because we were locked out of a few important things, I took it upon myself to look up his SSN in the payroll system.
After everyone was sufficiently worried about the fate of the company and all, I asked mildly "Mind if I take a stab at it?"
It worked the first time, and I deadpanned it like it was no big deal, with some Jeeves-ish quip about "the psychology of the individual" and tapped my forehead. It was quite fun.
-- MarkusQ
I'm sure it was unintentional, but you seem to have left out your Slashdot password. Plz fix. Thx.