Well it depends on how exposed the login is to the outside world. In
any situation where an attacker would have an opportunity to make a
brute force attempt remotely before breaking into your system, you'll
need to use complex passwords as modern password crackers can bust
dictionary word strings in almost no time flat. Even using NTLMv2 a
password like library_manager_today could be cracked by LC4 in under 9
seconds. We do use passphrases for some things, but usually only stuff
where you would already have to be logged in as a valid user anyways.
Chris Berry chris_berry@xxxxxxxxxxxxxxxxx Systems Administrator JM Associates & Coast Business Service
Hi,
What's the consensus on this list on easy-to-remember long passphrases vs short, but complex passwords?
There was a lot of talk about this on the last TechEd Europe, but AFAICT, there wasn't ever a consensus, not the keynotes I was on at least.
BW,
Sorin
Sorin Srbu, Systems Engineer Web: http://www.farmfak.uu.se/organisk/ Dept of Medicinal Chemistry, Phone: +46 (0)18-4714482 >> 3 signals >> GSM Div of Org Pharm Chem, Mobile Phone: +46 (0)701-718023 Box 574, Uppsala University, Fax: +46 (0)18-4714474 SE-751 23 Uppsala, Sweden Visit: BMC, Husargatan 3, D5:512b
Public PGP key available on request.
() ASCII ribbon campaign - Against html E-mail /\
Harmless tagline follows:
BOFH excuse follows: Electromagnetic energy loss
******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link.
http://thethin.net/win2000list.cfm