Password Policy
- Passwords should be:
  - passwords should have a combination of numbers, letters and punctuation
  - passwords should be 8 characters or longer
  - passwords should NOT be listed as words in (foreign) dictionaries
    - it would take just a few seconds to guess a dictionary-based password
  - passwords should expire and should be rotated
  - passwords should be computer generated, although people cannot easily remember such passwords
  - if you have to write down your passwords, do NOT write down what or where they are for
  - if you have to write down your passwords, keep them encrypted
  - password-less computer systems are very bad: break into one system and you have free access to "everything"
- It is well known and common sense that:
  - people tend to re-use passwords they can easily remember
    - birthdays, names of spouses, family members, pets, coworkers, hobbies ...
  - people tend to re-use the same password to gain access to their computers at work and at home, online shopping sites, and online banking, including ATM PINs
  - people tend to write down their passwords on paper, computers and/or cell phones
    - passwords are usually found under the computer, under the keyboard, under the drawers, on the monitors, on the back of business cards ...
  - people tend NOT to encrypt and protect this confidential data
  - people tend to sign up for online forums/blogs and still use the confidential password they use for work
  - people tend NOT to pay attention to encrypted https logins vs clear-text http websites
  - corporations/people tend to send new passwords via unencrypted emails and unencrypted web pages
  - your passwords can be sniffed by anybody from anywhere in the world
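
The composition rules in the list above (8 characters or longer, numbers plus letters plus punctuation, not a dictionary word, computer generated) can be checked and enforced in code. The following is an added example, not part of the original page; the function names and the small word list are constructed for illustration, and a real check would load full (including foreign-language) dictionaries.

```python
import secrets
import string

# Constructed sample word list (assumption); the page does not supply one.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "bonjour", "passwort"}

MIN_LENGTH = 8  # "8 characters or longer"


def policy_violations(password, dictionary=SAMPLE_DICTIONARY):
    """Return the list of policy rules the password breaks (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    # Dictionary rule: compare the letters only, lower-cased, so that
    # "Sunshine1!" is still recognised as the word "sunshine".
    core = "".join(c for c in password if c.isalpha()).lower()
    if core in dictionary:
        problems.append("based on a dictionary word")
    return problems


def generate_password(length=16, dictionary=SAMPLE_DICTIONARY):
    """Computer-generate a password from the OS CSPRNG that passes the policy."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, dictionary):
            return candidate


if __name__ == "__main__":
    for pw in ("sunshine", "Sunshine1!", "k7#Vq9!xTz"):
        print(repr(pw), policy_violations(pw) or "OK")
    print("generated:", generate_password())
```

Note that a word dressed up with a capital letter, a digit and a punctuation mark satisfies the character-mix rule yet still fails the dictionary rule, which is why the two checks are kept separate.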