Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Password Auditing
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Sat, 5 May 2007 08:04:56 -0400

Isn't a weak password any password that your users don't know. That is, if
it's something you give them with lots of strange characters it's NOT
something they know making it a WEAK password. 

IT Security people still have this completely backwards. All the garbage
about password auditors assure you of a password that your users don't know,
forcing them to write it down and creating a WEAKER system than if you did
nothing.

Please stop breaking the authentication model and work on second factors
leaving one factor, as simple as a pin, as a factor your users know!

KWK

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Manuel Arostegui Ramirez
Sent: Friday, May 04, 2007 4:39 PM
To: pen-test () securityfocus com
Subject: Re: Password Auditing

El Viernes, 4 de Mayo de 2007 19:50, Mike Gibson escribió:
Can anyone recommend a good password auditing tool. Basically I want
to identify weak passwords on my servers (Windows, Linux, Unix).
Ideally this would be done by a tool that could remotely fetch the
local password database and then attempt to brute force the passwords
and prepare a report in a central location.

Any suggestions?


Try Babel Enterprise:
http://babel.sf.net

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault