Insane Security Policies

[Fraz]

Once again no.

Think how small the search space would be by the time you've worked out the constraints (ie there must be at least 4 keys to the left, one above, but only 2 below.... etc.

Although technically correct, what you are saying means that whoever is trying to brute force crack the password knows that this is the scheme. This is highly unlikely to be the case.

Besides, surely it's pretty obvious if someone is trying to brute-force an account... this is all bonkers.

[Brucelles]

When I worked in Zurich I was with a major bank that has thousands of people and hundreds (literally) of systems. I still have my (paper) notebook from those days and I have a whole A4 page pretty much covered with three columns: System name, UID,
PWD. So far, pretty poor. But then we changed from 3 monthly password changes to monthly and the notebook just goes apeshirt. There's no way a normal person can remember even 10 meaningless passwords.

I suppose you could have the password list on the wall, with the knowledge that it would take ages to try out all of the pwd / uid combinations.

[TheAnimus]

Although technically correct, what you are saying means that whoever is trying to brute force crack the password knows that this is the scheme. This is highly unlikely to be the case.

Besides, surely it's pretty obvious if someone is trying to brute-force an account... this is all bonkers.

If the series is say 14 long, odds are the posistion could be narrowed down to ~4 ish starting points by my quick calculations (could use proper brownian motion to figure out the 'right' awnser, but I do have work to do , just as soon as the lump of **** that is infragistics will let me, damn GUI developement)

All they need to know is the scheme. My point is, bloody long concatinations of real words are by far and away safer, when mixed with easy to remeber spellings and numbers.

[acrobat]

I remember some years ago a large company (3000+ employees) upheld high levels of password security. One Monday morning the helpdesk staff had 40% of the users calling to get their passwords reset. These password resets had to be approved by their line management, who unfortunately were also locked out.

The reason for the sudden dramatic increase in password resets was due to the users, being unable to remember their complex passwords, had scribbled their passwords on the wall near their desks. Unfortunately, over that particular weekend the offices had been redecorated.

G

hehe

[Lucio]

At least you have a security policy!

The company I work for refuses to let me impliment a proper policy, atm all users have identical passwords that never, ever get changed....

[[GSV]Trig]

I know that feeling, once I get a bit of time I'm gonna sort out a proper policy here, I'm already on the hit list for blocking facebook/myspace etc.

Had one girl that works here that was being rather suspicious with her PC useage, accidentally turned on her MSN chat log's and lets just say if we did have a policy she woulda been outta here. Had a word with her she said she'd stop, checked again a few days later and shes still at it, however she doesnt actually need the internet for her job here so she now has no internet access...

[Fraz]

At least you have a security policy!

The company I work for refuses to let me impliment a proper policy, atm all users have identical passwords that never, ever get changed....

Don't suppose you work for a bank at all, do you?

[Jay]

thats bad news! whats the point in having passwords then? To be honest when I worked for the NHS it was like that as well.

[me5354]

Or you can just try and use your <insert name of store here> bonus card's number together with abit of improvisation.

ie: 1234567MarksAndSpencers