It would be very easy to force everyone to change their password - probably not very popular, but easy nonetheless.

What exactly are you trying to achieve? Improve security, or simply satisfy some kind of policy that some PHB wants? So many times I see companies focus on the specifics from some source or other[1] without looking at the bigger picture.

Complex passwords are useless if your staff can't remember them[2]. Just as simple[3] passwords are fine if you can guarantee that no unauthorised person can gain access to any part of your system.

Mind you, we have similar issues here with the PHBs wanting to "tighten security"[4] on the computer system - without looking at some of the other obvious issues that are far more of a risk.

That said - L0pht[5] is very good at checking how good users' passwords are - though to be any use you really need to purchase the product so you can run it every few months to make sure users have not gone back to "bad" passwords - unless you implement some kind of password filter to ensure passwords meet specific requirements of complexity.

There are a number of freeware password crackers available - like Cain & Abel from http://www.oxid.it/cain.html [6] or John the Ripper from http://www.openwall.com/john/ [7]. You may need Pwdump3 from Http://www.polivec.com/pw3dump/default.htm to dump your password hashes so you can run either of these apps.

Of course all this will do you no good - except possibly keep a PHB happy if you have other "issues" that need to be addressed.

-Ec

[1] Usually a "best practices" book or whitepaper
[2] And so they write them down somewhere close to their workstation
[3] Or even no password.
[4] Of course some of these measures they do not want applied to them.
[5] As already recommended by someone else on the list
[6] Not as good at cracking as L0pht - but does dictionary checks real quick
[7] Have not personally used this - but it comes highly recommended!

-----Original Message-----
From: Avien Darbendy [mailto:a.darbendy@xxxxxxxxx]
Sent: Tuesday, 18 January 2005 1:37 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [SPAM] Re: Check password utility

No, we want to know who uses a simple password by using a password audit utility, and then force those users to use a complex password. It will be difficult to force everybody to change their password.

Thanks,
Avien

-----Original Message-----
From: Dogers [mailto:dogers@xxxxxxxxx]
Sent: Monday, 17 January 2005 12:50
To: thin@xxxxxxxxxxxxx
Subject: [SPAM] [THIN] Re: Check password utility

On Mon, 17 Jan 2005 10:56:42 +0100, Avien Darbendy <a.darbendy@xxxxxxxxx> wrote:
> We want to force users to use complex passwords (character, number, letters)
> and we want to check who uses
> simple passwords (only words, names, et cetera...) through a utility.
> Does somebody have experience with a similar utility that checks the password for
> words or checks it with a dictionary?

Could you not just be mean, enforce complex passwords in AD and then make them all change their password at next logon? :)

Andrew

********************************************************
This Weeks Sponsor SeamlessPlanet.com Domain Names
Register your .com domain name for as low as $7.85
One of the lowest prices on the web!
Part of The Kenzig Group.
http://www.seamlessplanet.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Awesome SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
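
The password-filter idea raised in the first reply (rejecting word-based passwords when they are set, instead of cracking hashes every few months), as an added example that is not part of the original thread. The word list, substitution table, thresholds and function names are constructed for illustration; it shows why a character-class rule alone still accepts passwords built from a dictionary word.

```python
import re

# Constructed sample word list; a real deployment would load a large dictionary
# plus company, product and local place names.
SAMPLE_WORDS = {"password", "welcome", "summer", "citrix", "thomas", "monday"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_word(candidate):
    """Reduce a candidate to the word it was probably built from."""
    # Strip leading/trailing digits and symbols ("Summer2005!" -> "summer").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", candidate.lower())
    # Undo substitutions, then drop anything that is still not a letter.
    return re.sub(r"[^a-z]", "", core.translate(LEET))

def check_password(candidate, username, words=SAMPLE_WORDS, min_len=8):
    """Return a list of reasons to reject; an empty list means accepted."""
    reasons = []
    if len(candidate) < min_len:
        reasons.append("too short")
    # Complexity rule: at least 3 of lower, upper, digit, symbol.
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, candidate)) for c in classes) < 3:
        reasons.append("fewer than 3 character classes")
    # Dictionary rule: catches "complex" passwords that are a decorated word.
    word = base_word(candidate)
    if word and word in words:
        reasons.append("based on dictionary word")
    if username and username.lower() in candidate.lower():
        reasons.append("contains username")
    return reasons

if __name__ == "__main__":
    # Constructed candidates: the first two satisfy the complexity rule.
    for pw in ["Summer2005!", "P@ssw0rd1", "welcome", "blue-Kettle-93-runs"]:
        print(pw, "->", check_password(pw, "jsmith") or "accepted")
```
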