Passwords May Be Weakest Link
blankmange writes "ZDNet is carrying a piece on network security and employee passwords: "When a regional health care company called in network protection firm Neohapsis to find the vulnerabilities in its systems, the Chicago-based security company knew a sure place to look. Retrieving the password file from one of the health care company's servers, the consulting firm put "John the Ripper," a well-known cracking program, on the case. While well-chosen passwords could take years--if not decades--of computer time to crack, it took the program only an hour to decipher 30 percent of the passwords for the nearly 10,000 accounts listed in the file." Sounds like enforced password formats and mandatory changing of passwords would help, but how many companies actually make them policy and enforce it?"
Very good analysis. (Score:5, Funny)
And in other news, "The Earth May Not Be Flat".
i can't even troll right (Score:0, Funny)
Did somebody say... (Score:0, Funny)
just one problem (Score:2, Funny)
Sources: interviews and sticky notes on monitors
--
martin
Netware makes us change... (Score:3, Funny)
Re:Very good analysis. (Score:3, Funny)
Humans are the weakest link. Without them there would be no need for passwords.
Re:just one problem (Score:3, Funny)
It's probably their /. username...
Re:The problem with strong passwords... (Score:2, Funny)
But that's not always a problem. In some situations, where outsiders don't wander round offices, this can be a good technique. If the office is "secure", writing down passwords is fine. This can certainly be put to good effect in the home.
Post-its stuck to monitors might not be the best place to write them down, I grant you.
Re:Netware makes us change... (Score:3, Funny)
You must not be Catholic. >;-)
Re:just one problem (Score:3, Funny)
Re:Obvious (Score:4, Funny)
ekk4H$2drPr3Q,
Ltc4buX126w, and
7ydEX92aSz3UIo
for 90% of my passwords. Then all you have to do is not tell anyone about them. They're not hard to remember anymore, and it really wasn't that difficult to begin with. Sheesh, morons.
Re:Obvious (Score:5, Funny)
Not really. I once worked (as a contractor) with a prima donna / hot shot who thought he was the side the bread was buttered on (or something like that). Anyway, he left in a huff of wounded genius one day (someone had the audacity to challenge his expense report, IIRC). I had noticed a few months back that 1) his password was all numeric and 2) he typed it in a 3-2-4 pattern. After he was gone & everyone was in a panic because we were locked out of a few important things, I took it upon myself to look up his SSN in the payroll system.
After everyone was sufficiently worried about the fate of the company and all, I asked mildly "Mind if I take a stab at it?"
It worked the first time, and I deadpanned it like it was no big deal, with some Jeeves-ish quip about "the psychology of the individual" and tapped my forehead. It was quite fun.
-- MarkusQ
Re:Obvious (Score:4, Funny)
Re:Very good analysis. (Score:2, Funny)
I used to work for a software company in Eastern Washington State...
Their password for all of their servers was QWERTY...
How freaking dumb is that?...
Needless to say, I implemented new passwords...
Since I've left the company, I'm sure they went back to something pretty lame.....like QWERTY