Security Basics: Re: Password Quality checker

[Arun Bhaskar <arun.bhaskar.k () gmail com>]

Hi Johnny,

You can try using javascript functions to validate input (i.e. user 
passwords ) in a text field based on your password complexity 
requirements and  put the page on your internal web server.
Regards,
Arun Bhaskar Kondoth

Johnny Wong wrote:
> Hello Nic,
>
> Thanks for the reply. I was looking for a tool for users to check 
> whether the passwords they choose meet the organization's policy. Not 
> a tool to test the strength of the existing passwords. Most likely a 
> web portal for them to enter the "potential" password, and the portal 
> will determine whether it meets the standards.
> Rgds,
> JW
>
> At 08:48 AM 26/12/2006, Nic Stevens wrote:
> > You cannot check the quality of "Unix/Linux" passwords as it's a 
> > one-way encryption so it must be done at the time the user (or admin) 
> > sets the password. With PAM based authentication on *nix there are 
> > ways of enforcing stronger passwords standards than the default.
> > As far as Windows goes I have no experience with security.
> >
> > -Nic
> >
> >
> > Johnny Wong wrote:
> > > Hello all,
> > >
> > > I was wondering if your organization deploys any password quality 
> > > checking tool to help users select policy-compliant passwords? Be it 
> > > web-based or client based. I am thinking what type of requirements 
> > > do you use to select such tools, and what are the examples out there?
> > > My thoughts:
> > > 1) It should not store the user's passwords (be it pass or fail)
> > > 2) It should be able to handle complexity rules (or align with 
> > > Windows GPO)
> > > 3) It should also work with Unix/Linux passwords
> > >
> > > Thanks,
> > > JW
> >
> > --
> > Captiain! We've been hit. The only damage so far is the self-destruct
> > mechanism which, apparently has destroyed itself.