[TriLUG] Protecting from SSL Vulnerabilities - iFolder

matt at noway2.thruhere.net matt at noway2.thruhere.net
Thu Apr 29 09:49:13 EDT 2010


And we just had the full moon yesterday so perhaps his statistic was valid?

He was obviously exaggerating, but hyperbole aside, the point is valid.
Users choose weak passwords and the sheer number of passwords that the
average individual is required to remember these days greatly contributes
to this.  When companies try to enhance security by making users routinely
change passwords the situation is worse.  When they are forced to change
the password, the typical method is to stick a 1, 2, 3, etc. after it.
That was another comment by this consultant.  When one of those three
failed, he could oftentimes get success by tacking on a number.

If a cracker obtains a password, they are going to make use of it
immediately.  They are not going to wait 30 days, nor are they likely to
attempt to use it much beyond the immediate instance.  Consequently,
forcing password changes at even this interval is all but worthless when
it comes to security.

The whole point is that if it is possible to take advantage of the more
robust methods of security built into Apache and to put the security in
the hands of the provider rather than the clients, it is well worth
doing.

>>>  According to the IT consultant at work, who
>>> worked at a bank, over 80% of the people used one of three passwords:
>>> "password", "Jesus", and their first name.
>
> And 72.49% of all statistics are made up on the spot 52.2% of the time,
> except on a full moon, and then it increases to 61.4%!
>
> In other words, I highly doubt that 80% of the people use those three
> passwords - if he just said a "statistically high number", I would
> agree... but 80%... ummm...



