RE: Password Auditing

From: Ken Kousky (kkousky@ip3inc.com)
Date: Sat May 05 2007 - 08:04:56 EDT


Isn't a weak password any password that your users don't know? That is, if
it's something you give them with lots of strange characters, it's NOT
something they know, making it a WEAK password.

IT Security people still have this completely backwards. All the garbage
about password auditors assures you of a password that your users don't know,
forcing them to write it down and creating a WEAKER system than if you did
nothing.

Please stop breaking the authentication model and work on second factors,
leaving one factor, as simple as a PIN, as a factor your users know!

KWK

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Manuel Arostegui Ramirez
Sent: Friday, May 04, 2007 4:39 PM
To: pen-test@securityfocus.com
Subject: Re: Password Auditing

On Friday, 4 May 2007 19:50, Mike Gibson wrote:
> Can anyone recommend a good password auditing tool? Basically I want
> to identify weak passwords on my servers (Windows, Linux, Unix).
> Ideally this would be done by a tool that could remotely fetch the
> local password database and then attempt to brute force the passwords
> and prepare a report in a central location.
>
> Any suggestions?
>

Try Babel Enterprise:
http://babel.sf.net

-- 
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT