[Coco] Tandy / Color Computer Forum Access
Frank Pittel
fwp at deepthought.com
Fri Mar 25 20:10:40 EDT 2011
On Fri, Mar 25, 2011 at 04:38:03PM -0400, Steven Hirsch wrote:
> On Fri, 25 Mar 2011, gene heskett wrote:
>
> >On Friday, March 25, 2011 02:19:38 PM Brian Blake did opine:
> >
> >>On Fri, Mar 25, 2011 at 2:01 PM, Wayne Campbell <asa.rand at gmail.com>
> >wrote:
> >>>Most of them do recommend periodic changes, but leave it up to the
> >>>user.
> >>>
> >>>Wayne
> >>
> >>That's what will end up happening. Though if there is ever an instance
> >>where there's a security issue, it'll be required... No major biggie...
> >
> >The security issue is, as I see it, the short password. A 6 character PW
> >can be found by John the Ripper in just a few seconds. My own minimum user
> >password length is 9, and my root PW on this machine is, lets just say,
> >more than 20. Same for the admin password on dd-wrt. John would have to
> >work till the universe runs down to find those, as every character added
> >adds to the factorial on the difficulty. To illustrate, a 6 char PW is
> >6!=720. 9!=362880. and 20!=2.43290200818e+18, a rather large number.
> >
> >You have to make it expensive enough to crack your password that they get
> >bored and go looking for easier targets.
>
> My employer mandates a "three strikes and it's locked" policy on
> authentication attempts. Now that I think about it, most web
> accounts I own do that as well. Renders brute-force cracking tools
> a bit impractical.
The forum software I use also limits the number of failed login attempts
before shutting down the account. Unlocking the account requires me to
unlock!
The Other Frank
More information about the Coco
mailing list