IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / "... sizable number of the students ..." == "all who cared"
Post #187,620
by drewk
Picture of drewk
12/20/04 9:57:42 PM
Reply
New "... sizable number of the students ..." == "all who cared"
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
Post #187,622
by static
Picture of static
12/20/04 10:10:33 PM
Reply
New And your point was...?
You seem determined to play the "it can't work" hand and I'm damned if I can figure out why.

Security is a Risk Analysis game - it always has been. To do it correctly, password policy should be subject to that. If the potential damage from using accounts with poor passwords is low and/or unlikely, then you have a low risk situation. Little need to enforce 70 character passwords. If the potential damage* is high, but only to a very small number, thus reducing the likelihood, then the risk is not really increased a great deal. And so on. Sometimes, bad passwords and poor controls is actually not a problem. Even in a corp.

Wade.

* Sometimes the damage is more ephemeral than real. People's egos, for instance.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.
Post #187,623
by drewk
Picture of drewk
12/20/04 10:15:30 PM
Reply
New Wasn't meaning to say that
I just thought it was two funny anecdotes. Mine, a place that the IT people weren't allowed to implement a reasonable password policy; yours, a place that got the password religion after a bad breakage.

All I meant by my last comment was that in a school environment if one kid knows how to crack the teachers' accounts he can make mischief. Once two kids know about it everyone knows about it in short order.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
Post #187,624
by static
Picture of static
12/20/04 10:46:23 PM
Reply
New Ah -- alright then.
You're right: two funny anecdotes.

I agree about the school students: once a few discovered it, it was indeed all over the school in short order. :-) Incidentally, a similar thing also happened at another school, although there it was a direct result of a bad default password policy set by their IT guy. Over our objections. All we could do when it happened was say "We told you so".

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.
     Complex Password Primer for Users? - (SpiceWare) - (19) - Dec. 20, 2004, 02:18:37 PM EST
         My Advice - (pwhysall) - (2) - Dec. 20, 2004, 02:45:34 PM EST
             not an option - (SpiceWare) - Dec. 20, 2004, 03:43:48 PM EST
             More on phrases - (FuManChu) - Dec. 20, 2004, 03:45:02 PM EST
         Re: Complex Password Primer for Users? - (Steve Lowe) - (13) - Dec. 20, 2004, 02:48:02 PM EST
             And you know, it's 100% right. - (pwhysall) - (10) - Dec. 20, 2004, 02:52:36 PM EST
                 No argument - (Steve Lowe) - (9) - Dec. 20, 2004, 03:01:13 PM EST
                     Teehee - (pwhysall) - (8) - Dec. 20, 2004, 03:18:24 PM EST
                         That's another weakness - (Silverlock) - (7) - Dec. 20, 2004, 08:01:39 PM EST
                             30 days is not onerous. - (static) - (6) - Dec. 20, 2004, 09:24:26 PM EST
                                 No it won't - (drewk) - (5) - Dec. 20, 2004, 09:29:21 PM EST
                                     We had a password incident in a client of a former employer. - (static) - (4) - Dec. 20, 2004, 09:42:16 PM EST
                                         "... sizable number of the students ..." == "all who cared" -NT - (drewk) - (3) - Dec. 20, 2004, 09:57:42 PM EST
                                             And your point was...? - (static) - (2) - Dec. 20, 2004, 10:10:33 PM EST
                                                 Wasn't meaning to say that - (drewk) - (1) - Dec. 20, 2004, 10:15:30 PM EST
                                                     Ah -- alright then. - (static) - Dec. 20, 2004, 10:46:23 PM EST
             Bingo! - (SpiceWare) - (1) - Dec. 20, 2004, 03:45:16 PM EST
                 Also. - (static) - Dec. 20, 2004, 09:26:24 PM EST
         Got this from 'fortune' - (imric) - Dec. 22, 2004, 10:07:50 AM EST
         I've seen 3 methods - (Steven A S) - Dec. 28, 2004, 04:05:08 PM EST

Eins, zwei, drei, vier.
79 ms