|
List Info
Thread: E-mail passwords
|
|
| E-mail passwords |
|
2006-11-16 03:46:04 |
On Wed, November 15, 2006 17:29, David Radwin wrote:
> At 4:43 PM -0800 11/15/06, Aron Roberts wrote:
>> "How do I set strong passwords for all of
the accounts on my
>> computer?"
>> https://kb.berkeley.edu
/kb905
>>... these password tips - or a variant of them -
>>should likely also be helpful as a way to come up
with memorable and
>>rules-compliant CalMail passwords, CalNet
passphrases, and the like.
>
> I don't think this is what you're suggesting, but just
in case it is,
> I would point out that one generic problem with having
a single
> person give out passwords (or maybe even hints) to
multiple users
> inevitably leads to some consistent formula that
ultimately
> compromises security.
Thanks, David, for sharing these interesting experiences
and concerns.
Consistent formulas are definitely a no-no. However, I'd
assert that
heuristic tips to help users think up stronger passwords -
those that
use at least three character classes and don't consist
solely of
personally identifiable words or dictionary words, or close
variants of
those - are probably better than the alternative, even if
the use of
those tips may somewhat artificially constrain the universe
of passwords
generated.
The (unfortunate) alternative to providing users with tips
and tools
they can use to create strong passwords on their own is
something like
this:
http://news
.com.com/2009-1001-916719.html
Security company identifies that 30 percent of the
passwords
in 10,000 accounts on a regional health care company's
servers
could be identified by a cracking program in just one
hour.
Or this:
http://www.csulb.edu/misc/inside/archives/v58n5/2.htm
CSU-Long Beach researcher says her research shows that
60 percent of passwords can be identified by cracking
programs within several hours.
Aron Roberts
Information Services and Technology
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.
|
|
| E-mail passwords |
|
2006-11-16 18:16:39 |
Aron Roberts wrote:
>
> The (unfortunate) alternative to providing users with
tips and tools
> they can use to create strong passwords on their own is
something like
> this:
>
> http://news
.com.com/2009-1001-916719.html
> Security company identifies that 30 percent of the
passwords
> in 10,000 accounts on a regional health care
company's servers
> could be identified by a cracking program in just one
hour.
>
> Or this:
>
> http://www.csulb.edu/misc/inside/archives/v58n5/2.htm
> CSU-Long Beach researcher says her research shows
that
> 60 percent of passwords can be identified by cracking
> programs within several hours.
What percentage of CalMail accounts do you think have
crackable passwords?
--
Tom Holub (tom_holub LS.Berkeley.EDU, 510-642-9069)
Director of Computing, College of Letters & Science
249 Campbell Hall
<http://LS.berkeley.e
du/lscr/>
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.
|
|
| E-mail passwords |
|
2006-11-16 18:34:35 |
On Nov 16, 2006, at 10:16 AM, Tom Holub wrote:
>
> What percentage of CalMail accounts do you think have
crackable
> passwords?
What about CalAgenda? (Or should I say
"calagenda"?)
I do try so hard to get users to change their CalAgenda
passwords.........
-Greg
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.
|
|
| E-mail passwords |
|
2006-11-16 20:45:49 |
On Thu, 16 Nov 2006, Greg Merritt wrote:
> On Nov 16, 2006, at 10:16 AM, Tom Holub wrote:
>>
>> What percentage of CalMail accounts do you think
have crackable passwords?
>
>
> What about CalAgenda? (Or should I say
"calagenda"?)
>
> I do try so hard to get users to change their CalAgenda
passwords.........
In EECS, on the matter of CalAgenda passwords, I set the
password to something
unique for each user (and at least not utterly trivial)
before I tell the user
the account is active, or whenever the password is reset.
I really hate that I have to know anyone's password to
anything, and I
desperately wish that CalAgenda would set up some sort of
web-based password
changing interface so users could authenticate with their
CalNet password to
change their CalAgenda password.
--
Tom Maher | EECS Dept, 327 Soda Hall, Univ. of
California, Berkeley
+1-510-717-4190 | Berkeley, CA, 94720-1776
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.
|
|
| E-mail passwords |
|
2006-11-16 20:55:46 |
Tom:
Do you mean to *reset* their CalAgenda password when they
have forgotten it?
Mimi
>On Thu, 16 Nov 2006, Greg Merritt wrote:
>
>>On Nov 16, 2006, at 10:16 AM, Tom Holub wrote:
>>>
>>>What percentage of CalMail accounts do you think
have crackable passwords?
>>
>>
>>What about CalAgenda? (Or should I say
"calagenda"?)
>>
>>I do try so hard to get users to change their
CalAgenda passwords.........
>
>In EECS, on the matter of CalAgenda passwords, I set the
password to
>something unique for each user (and at least not utterly
trivial)
>before I tell the user the account is active, or
whenever the
>password is reset.
>
>I really hate that I have to know anyone's password to
anything, and
>I desperately wish that CalAgenda would set up some sort
of
>web-based password changing interface so users could
authenticate
>with their CalNet password to change their CalAgenda
password.
>
>--
>Tom Maher | EECS Dept, 327 Soda Hall, Univ. of
California, Berkeley
>+1-510-717-4190 | Berkeley, CA, 94720-1776
>
>--------------------------------------------------------
----------------
>The following was automatically added to this message by
the list server:
>
>For information about Micronet, including subscribing to
>or unsubscribing from its mailing list and finding out
>about upcoming meetings, please visit the Micronet Web
site:
><http://micronet.be
rkeley.edu/>.
--
**********************************
Mimi Mugler
Programmer/Analyst
IST-IS-IA, UC Berkeley
mmuglerberkeley.edu
510.642.6157
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.
|
|
[1-5]
|
|