I've had the opportunity to write a number of password generating functions. Many of the widely available built-in capabilities do not generate cryptographically secure passwords. Sadly, they often generate passwords that are rather easily capable of being re-calculated with the right tools or a smart mathematician/cryptographer.

I'm writing this blog post because of some of the work experiences I've had. I've worked with customers who've had very stringent password policies as well as customers who've had laughable password policies.

Now, whenever I start talking about passwords, someone always stands up and says, "...but passwords are dead thanks to 2-factor authentication/multi-factor authentication." And while I'd agree with this statement in principle, I can't in practice.

Until all facets of every application and operating system finally kill off the plain-old password, all of the age-old arguments about password complexity, use, and crack-ability should still be of concern. An example of a case where passwords are still employed and still a very critical security concern for organizations is the passwords for local administrators. And given some of the behaviors I've seen customers employ, passwords should be at the forefront of some organizations' concerns.

because this is still an integral part of a hacker's privilege escalation path.
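To make the point about re-calculable passwords concrete, here is an added example (not code from the original post) that puts a generator seeded from a guessable value next to one backed by the operating system's CSPRNG. The post does not name specific built-ins, so the time-based seed, the alphabet, and all function names are assumptions chosen for illustration.

```python
import math
import random
import secrets
import string
from typing import Optional

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"  # 74 symbols

def weak_password(seed: int, length: int = 16) -> str:
    """Anti-pattern: a general-purpose PRNG seeded with a guessable value."""
    rng = random.Random(seed)  # Mersenne Twister: same seed, same output
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_password(length: int = 16) -> str:
    """Each character comes from the OS CSPRNG; there is no seed to recover."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def find_seed(password: str, around: int, window: int = 3600) -> Optional[int]:
    """Audit check: can the password be regenerated from a Unix-time seed
    within `window` seconds of a known event (e.g. account creation)?"""
    for seed in range(around - window, around + window + 1):
        if weak_password(seed, len(password)) == password:
            return seed
    return None

def effective_bits(length: int, window: Optional[int] = None) -> float:
    """Entropy in bits: of the seed space if seeded, else of the full alphabet."""
    if window is not None:
        return math.log2(2 * window + 1)
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    created = 1_700_000_000  # constructed timestamp, not real data
    pw = weak_password(created)
    print("seeded password :", pw)
    print("recovered seed  :", find_seed(pw, created + 1200))
    print("seeded entropy  : %.1f bits" % effective_bits(16, 3600))
    print("CSPRNG password :", strong_password())
    print("CSPRNG entropy  : %.1f bits" % effective_bits(16))
```

The seeded password looks just as complex as the CSPRNG one, but its real strength is that of the seed space (about 13 bits for a two-hour window) rather than the roughly 99 bits its length and alphabet suggest.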