Home page logo

basics logo Security Basics mailing list archives

Re: passwords
From: "jl" <jl () vidcrew4u net>
Date: Wed, 19 Feb 2003 16:25:13 -0600

I've learned to rely on a little windows program that seem to fit our
password needs.  I've been, and still am, the 30 day believer for good
security at the desktop.

The programs that we use to generate these passwords are small, free,
and very flexible in the results that you want from your generation
needs.  We simply generate a random list of passwords that are
available for distribution.  We insert the first XYZ set of numbers for
IT to use as departmental, personnel, or divisional markers, and then
use the program to generate our list.  We do this quarterly, so that we
always have enough passwords generated for a designated area on hand.  

For those that are password immune, (meaningg refuse to comply with
change requirements) we've come to rely on these programs random
generating capabilities to help with quick passwords that these people
seem to be able to live with.

These programs are:

Maskingpassword generator.  Shareware, $10.00 us to buy.  You can take
a look at it at:

Generate random passwords or numbers based on any conceivable pattern. 
The program can be run in the System Tray, 
so passwords can be generated from within any Windows application 
by pressing a user-defined or default key combination. 
This version features random-length passwords and character set

and the second program:

Pins.  Freeware, you can't beat that.

PINs stores data with the 448-bit Blowfish algorithm. 
PINs can be safely run even on a public computer. 
It can also run directly from a floppy without any installation. 
Features include:

Unlimited entries and data files 
Tree-like data organization allows logical grouping of systems and
Safe files wiping using Gutmann, DoD and custom methods 


I'm not a big believer in desktop storage with pins, but if you're
deploying self governed password generation, it's not a bad way to go. 
It's also very simple to use, and can run from a floppy if needed.

On Tue, 18 Feb 2003 15:13:36 -0500 (EST), multics () ruserved com wrote:

Only if you are sure they are selecting good passwords.  It also
depends on how secure your network is and the access path between the
users and the mail server.  If users are writing down or choosing
insicure passwords due to problems remembering the new ones then
you may be introducing more problems then you are solving.

Hello all,

one of the favorite subjects in my company seems to be the strength of
passwords. We force our users to change their mail password every 90 days.
Does this make sense? Why?


Richard Shetron  multics () ruserved com multics () acm rpi edu  NO UCE
What is the Meaning of Life?      There is no meaning,
It's just a consequence of complex carbon based chemistry; don't worry about it
The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]