A trick we used to use (many years ago) was that after 3 bad tries NO password would work, even the right one.
No additional error message, it just let you keep on trying. On Fri, Aug 12, 2011 at 2:15 PM, Ben Schorr <b...@rolandschorr.com> wrote: > Length is more important than complexity, no doubt. While it’s good to have > mixed case and numbers and symbols the fact that you COULD is enough to > force any brute force attack to check for it.**** > > ** ** > > And, frankly, any system that will allow 1,000 passwords a second to be > thrown at it without locking the account or alerting an admin has a serious > problem.**** > > ** ** > > Ben M. Schorr**** > > Roland Schorr & Tower**** > > www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr**** > > ** ** > > *From:* andy [mailto:afo...@psu.edu] > *Sent:* Friday, August 12, 2011 12:00 > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > huh.. just tried something similar to one of my passwords, all lowercase, > all letters, of course my real password has a couple of numbers in it. > > 780 quintillion years > > 20 character password all lowercase - 97billion years > 11character password all lowercase 314 years > huh... the password -- 0987654321aaaaaa -1 billion years > aaaaaaaaaaaa - 12 years to hack > > so much for the password rules. > > then again my password would not work on a unix system. Are unix systems > still only 8 characters. > it looks like any 8 character password can be hacked in less than a week. > > > At 11:00 AM 8/11/2011, Kennedy, Jim wrote: > > **** > > Good point, I just got phished. > > *From:* Gary Slinger [ mailto:gary.slin...@gmail.com<gary.slin...@gmail.com>] > > *Sent:* Thursday, August 11, 2011 10:57 AM > *To:* NT System Admin Issues > *Subject:* Re: Almost, but not quite OT: Passwords > > It wasn't one of my current 'real' passwords. I'm not putting one of those > in on a site I don't know. **** > ------------------------------ > > *From: *"Kennedy, Jim" <kennedy...@elyriaschools.org> > *Date: *Thu, 11 Aug 2011 10:46:08 -0400 > *To: *NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> > *ReplyTo: *"NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com > > > *Subject: *RE: Almost, but not quite OT: Passwords > > Buwhahahah…. 124 thousand years. > > *From:* Gary Slinger [ mailto:gary.slin...@gmail.com<gary.slin...@gmail.com>] > > *Sent:* Thursday, August 11, 2011 10:45 AM > *To:* NT System Admin Issues > *Subject:* Re: Almost, but not quite OT: Passwords > > With one special character, 15 years. Without it, 4 days. Interesting. *** > * > ------------------------------ > > *From: *"Martin Blackstone" <mblackst...@gmail.com> > *Date: *Thu, 11 Aug 2011 07:19:59 -0700 > *To: *NT System Admin Issues< ntsysadmin@lyris.sunbelt-software.com> > *ReplyTo: *"NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com > > > *Subject: *RE: Almost, but not quite OT: Passwords > > I got one year. > > *From:* Shauna Hensala [ mailto:she...@msn.com <she...@msn.com>] > *Sent:* Thursday, August 11, 2011 7:16 AM > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords > > Have your users go here: http://www.howsecureismypassword.net/ > and enter their password to see how long it would take to crack. A fun > little exercise. > > [image: Description: Red rose]Shauna Hensala**** > ------------------------------ > > From: webs...@carlwebster.com > To: ntsysadmin@lyris.sunbelt-software.com > Subject: RE: Almost, but not quite OT: Passwords > Date: Thu, 11 Aug 2011 13:43:08 +0000 > I changed my bed linens at the beginning of each semester whether they > needed changing or not. J > > > Carl Webster > Consultant and Citrix Technology Professional > http://www.CarlWebster.com <http://www.carlwebster.com/> > > > *From:* Crawford, Scott [ mailto:crawfo...@evangel.edu<crawfo...@evangel.edu>] > > *Sent:* Thursday, August 11, 2011 8:32 AM > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords > > nice. > > Reminds me of an old roommate, "I clean the shower every six months whether > it needs it or not." > > Sent from my Palm Pre on the Now Network from Sprint > **** > ------------------------------ > > On Aug 11, 2011 7:42 AM, Webster <webs...@carlwebster.com > wrote: > I change my passwords religiously every 7 years. > > Carl Webster > Consultant and Citrix Technology Professional > http://www.CarlWebster.com <http://www.carlwebster.com/> > > > *From:* Gasper, Rick [ mailto:rickgas...@kings.edu <rickgas...@kings.edu>] > > *Subject:* RE: Almost, but not quite OT: Passwords > > Crap…I now have to change my password again… > > *From:* Jon Harris [ mailto:jk.har...@gmail.com <jk.har...@gmail.com>] > *Subject:* Re: Almost, but not quite OT: Passwords > > If the in-house team ever got a round to it both could be kept happy but > using something like "Horses like 2 fly, like bugs like to be stepped on!" > Complex and easy to remember. How long would that take for a brute force > attack or a dictionary attack to get the password? > > FYI that is NOT one of my passwords! > > Jon > On Wed, Aug 10, 2011 at 6:10 PM, Webster <webs...@carlwebster.com > wrote: > Because the security team and or auditor are simply following a check > list. Complex passwords required – check. My job is done. > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > Content-Type: image/gif; > name="image001.gif" > Content-Description: image001.gif > Content-Disposition: inline; > Content-ID: <image001.gif@01CC5815.E50BB910>**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > -- G. Waleed Kavalec __________________ Remember Remember this Coming November The Debt Crisis Treason and Plot I know of No Reason the Republican Treason Should EVER be Forgot ! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin