[THIN] Re: Assistance requested...

  • From: "Andrew Wood" <andrew.wood@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 16 Jun 2008 00:20:30 +0100

Sure they're basic questions - but if I wanted to organise an attack
profile, knowing what your limits were would be a handy thing to know in
reducing down password possibilities and increasing the likelihood of
finding a positive match. 

Or, if I wanted to simply ring your users to ask them for their passwords -
knowing the answers to those questions would help me appear as a genuine
support desk caller. 

Sounds like sensible advice to me.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chad Schneider (IT)
Sent: 15 June 2008 01:55
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Assistance requested...

Not sure I follow?

I am asking some basic questions, trying to compare our fellow healthcare
organizations rules, to be sure we are in check with everyone else.  So long
as you are using compliant rules, I see no issue sharing such information.

Chad Schneider
Systems Engineer
ThedaCare IT
>>> Tim <timothylanderson@xxxxxxxxx> 06/13/08 4:31 PM >>>
Sorry Chad

I can't give you that info other than to say they are stringent.  Anyone who
does, please don't include your organization name, lest this cause an RPE
(resume producing event) for you.


On Fri, Jun 13, 2008 at 3:18 PM, Chad Schneider (IT) <
Chad.M.Schneider@xxxxxxxxxxxxx> wrote:

>  I have been asked to get information from those in Healthcare IT,
> regarding your network password policies.  We have some discussions going
> about are we overly compliant, under complaint, what are others doing?
> What I am looking for is...
> Your network user account (AD) password rules....
> # of characters (min/max)
> Password Age (Min/max)
> Required characters (alpha/numeric/upper/lower/special/etc.)
> Password History
> Any assistance in this is greatly appreciated, as I need to put together a
> report of "our peers" for management.
> Thanks!
> Chad Schneider
> Systems Engineer
> ThedaCare IT
> 920-735-7615

For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
NEW! Follow Thin List on Twitter!
Thin List discussion is now available in blog format at:
HOT! Thinlist MOBILE Feed!
Thinlist quick pick

Other related posts: