Nice. I'd probably have set the threshold at 10 just to reduce the odds of a real user getting locked out, but I like the idea.
Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com <http://www.rolandschorr.com/> From: G.Waleed Kavalec [mailto:kava...@gmail.com] Sent: Friday, August 12, 2011 12:51 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords A trick we used to use (many years ago) was that after 3 bad tries NO password would work, even the right one. No additional error message, it just let you keep on trying. On Fri, Aug 12, 2011 at 2:15 PM, Ben Schorr <b...@rolandschorr.com> wrote: Length is more important than complexity, no doubt. While it's good to have mixed case and numbers and symbols the fact that you COULD is enough to force any brute force attack to check for it. And, frankly, any system that will allow 1,000 passwords a second to be thrown at it without locking the account or alerting an admin has a serious problem. Ben M. Schorr Roland Schorr & Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr From: andy [mailto:afo...@psu.edu] Sent: Friday, August 12, 2011 12:00 To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords huh.. just tried something similar to one of my passwords, all lowercase, all letters, of course my real password has a couple of numbers in it. 780 quintillion years 20 character password all lowercase - 97billion years 11character password all lowercase 314 years huh... the password -- 0987654321aaaaaa -1 billion years aaaaaaaaaaaa - 12 years to hack so much for the password rules. then again my password would not work on a unix system. Are unix systems still only 8 characters. it looks like any 8 character password can be hacked in less than a week. At 11:00 AM 8/11/2011, Kennedy, Jim wrote: Good point, I just got phished. From: Gary Slinger [ mailto:gary.slin...@gmail.com <mailto:gary.slin...@gmail.com> ] Sent: Thursday, August 11, 2011 10:57 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords It wasn't one of my current 'real' passwords. I'm not putting one of those in on a site I don't know. ________________________________ From: "Kennedy, Jim" <kennedy...@elyriaschools.org> Date: Thu, 11 Aug 2011 10:46:08 -0400 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> ReplyTo: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Subject: RE: Almost, but not quite OT: Passwords Buwhahahah.... 124 thousand years. From: Gary Slinger [ mailto:gary.slin...@gmail.com <mailto:gary.slin...@gmail.com> ] Sent: Thursday, August 11, 2011 10:45 AM To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords With one special character, 15 years. Without it, 4 days. Interesting. ________________________________ From: "Martin Blackstone" <mblackst...@gmail.com> Date: Thu, 11 Aug 2011 07:19:59 -0700 To: NT System Admin Issues< ntsysadmin@lyris.sunbelt-software.com <mailto:ntsysadmin@lyris.sunbelt-software.com> > ReplyTo: "NT System Admin Issues" < ntsysadmin@lyris.sunbelt-software.com <mailto:ntsysadmin@lyris.sunbelt-software.com> > Subject: RE: Almost, but not quite OT: Passwords I got one year. From: Shauna Hensala [ mailto:she...@msn.com <mailto:she...@msn.com> ] Sent: Thursday, August 11, 2011 7:16 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords Have your users go here: http://www.howsecureismypassword.net/ and enter their password to see how long it would take to crack. A fun little exercise. Shauna Hensala ________________________________ From: webs...@carlwebster.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Almost, but not quite OT: Passwords Date: Thu, 11 Aug 2011 13:43:08 +0000 I changed my bed linens at the beginning of each semester whether they needed changing or not. J Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com <http://www.carlwebster.com/> From: Crawford, Scott [ mailto:crawfo...@evangel.edu <mailto:crawfo...@evangel.edu> ] Sent: Thursday, August 11, 2011 8:32 AM To: NT System Admin Issues Subject: RE: Almost, but not quite OT: Passwords nice. Reminds me of an old roommate, "I clean the shower every six months whether it needs it or not." Sent from my Palm Pre on the Now Network from Sprint ________________________________ On Aug 11, 2011 7:42 AM, Webster <webs...@carlwebster.com > wrote: I change my passwords religiously every 7 years. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com <http://www.carlwebster.com/> From: Gasper, Rick [ mailto:rickgas...@kings.edu <mailto:rickgas...@kings.edu> ] Subject: RE: Almost, but not quite OT: Passwords Crap...I now have to change my password again... From: Jon Harris [ mailto:jk.har...@gmail.com <mailto:jk.har...@gmail.com> ] Subject: Re: Almost, but not quite OT: Passwords If the in-house team ever got a round to it both could be kept happy but using something like "Horses like 2 fly, like bugs like to be stepped on!" Complex and easy to remember. How long would that take for a brute force attack or a dictionary attack to get the password? FYI that is NOT one of my passwords! Jon On Wed, Aug 10, 2011 at 6:10 PM, Webster <webs...@carlwebster.com > wrote: Because the security team and or auditor are simply following a check list. Complex passwords required - check. My job is done. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Content-Type: image/gif; name="image001.gif" Content-Description: image001.gif Content-Disposition: inline; Content-ID: <image001.gif@01CC5815.E50BB910> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- G. Waleed Kavalec __________________ Remember Remember this Coming November The Debt Crisis Treason and Plot I know of No Reason the Republican Treason Should EVER be Forgot ! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin