Security Boot Camp Series Day 8
Thursday, 31 December 2009 10:03
Day 8: Test the strength of your password policy
YOUR ASSIGNMENT TODAY
Test the strength of your password policy.
WHY DO IT
A complex, six- to eight-character password may have been sufficient 10 years ago, but it's certainly not today. Moreover, most companies still lack an adequate auditing system to alert admins to repeated failed logon attempts. So a remote attacker can enumerate all of your external access points and guess away against your administrator account until he or she breaks it.
HOW TO DO IT
Download our password-guessing calculator spreadsheet, input your password policy (length, character set, maximum age, and whether complexity is enabled), select a password entropy model, and enter the number of guesses per minute that an attacker can attempt. The spreadsheet will calculate how easily your passwords will give way under attack.
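The calculation described above can be sketched in a few lines. This is an added example, not the spreadsheet itself: the function names are hypothetical, and the two entropy models (uniformly random characters, and the user-chosen-password estimate from NIST SP 800-63 (2006), Appendix A) are assumptions, since the page does not say which models the spreadsheet offers.

```python
import math

MINUTES_PER_DAY = 24 * 60

def uniform_entropy_bits(length, charset_size):
    """Entropy in bits if each character is chosen uniformly at random."""
    return length * math.log2(charset_size)

def nist_entropy_bits(length, complexity):
    """Estimate for user-chosen passwords, NIST SP 800-63 (2006) Appendix A."""
    bits = 0.0
    for position in range(1, length + 1):
        if position == 1:
            bits += 4.0      # first character
        elif position <= 8:
            bits += 2.0      # characters 2-8
        elif position <= 20:
            bits += 1.5      # characters 9-20
        else:
            bits += 1.0      # characters 21 and up
    return bits + (6.0 if complexity else 0.0)  # composition-rule bonus

def policy_report(length, charset_size, max_age_days, complexity,
                  guesses_per_minute, model="nist"):
    """Chance that online guessing succeeds before the password expires."""
    if length < 1 or charset_size < 2 or max_age_days <= 0 or guesses_per_minute < 0:
        raise ValueError("invalid policy input")
    if model == "nist":
        bits = nist_entropy_bits(length, complexity)
    elif model == "uniform":
        bits = uniform_entropy_bits(length, charset_size)  # complexity flag unused
    else:
        raise ValueError("unknown entropy model: " + model)
    keyspace = 2.0 ** bits
    per_day = guesses_per_minute * MINUTES_PER_DAY
    return {
        "entropy_bits": bits,
        "guesses_before_expiry": per_day * max_age_days,
        "crack_probability": min(1.0, per_day * max_age_days / keyspace),
        # Expected time to success is half the keyspace; inf if no guessing.
        "days_to_50_percent": keyspace / 2 / per_day if per_day else math.inf,
    }

if __name__ == "__main__":
    # Constructed policy: 8 chars, 94 printable symbols, 90-day age, 100 guesses/min.
    for model in ("nist", "uniform"):
        print(model, policy_report(8, 94, 90, True, 100, model))
```

For the constructed policy, the user-chosen model gives 24 bits and roughly a 77% chance of a successful guess within the 90-day password age, while the uniform model gives about 52 bits and a negligible chance; the gap shows how much the choice of entropy model drives the result.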
RECOMMENDED READING
"Test the strength of your password policy," Infoworld.com. Don't be lulled into a false sense of security, though: A complex, six- to eight-character password may have been sufficient 10 years ago, but it's certainly not today.
Last Updated on Thursday, 31 December 2009 10:09