Computer passwords reveal workers' secrets
Many office workers give themselves away with easily guessable
passwords. Choosing a PC password has largely become a psychology test, with
most office workers choosing a word that they believe to sum up their
personality. Only the smallest group (about 9 percent of the total), the
most security conscious, selects passwords that mix lower and upper case
letters, numbers and punctuation to create cryptic passwords.
Enabling Strong Password Functionality in Windows 2000
Microsoft Knowledge Base Article: 225230 - Windows 2000 Server includes the strong password functionality first provided in Microsoft Windows NT Server 4.0 Service Pack 2 (SP2). For additional information about the scope of default strong password functionality, please see the following article in the Microsoft Knowledge Base: Q161990
How to Enable Strong Password Functionality in Windows NT
Implementing Guidelines for Strong Passwords
Adopting strong password policies is
one of the most effective ways to ensure system security. This
is only an example policy. It may not be strong enough for your
needs; it is up to each customer to determine how strong is
strong enough. Source: Microsoft.com
Passwords 101: Ten tips to help you tighten Windows NT's security
Common sense advice on making sure your password policies are tough enough to discourage would-be hackers. Source: Windows NT Professional Magazine (March 1998)
Passwords=Bad
Article by Paul Robichaux - I'm going to let you in on a
secret that's little discussed outside the security world:
reusable passwords are evil. This might seem like an extreme
position, but I can back it up. Source: Microsoft TechNet
(Feb 2000)
Password Defense
Setting and enforcing password security policies is a crucial
part of securing your enterprise. Source: Windows & .NET
Magazine (September 2002)
Password Policies
The default password policy that ships with Win2000
(much like in WinNT) can best be described as "weak." A
computer system -- along with its data -- is only as secure as
the password of the users who access it, particularly users with
admin level permissions. For this reason, if good password
security is a concern, you should definitely tighten this policy
up. Source: About.com
Password Protection for Administrators' Workstations
We applied a GPO to all
user accounts in the Admins OU to secure administrators'
workstations with password protected screen savers. We did this
to help prevent passersby from gaining administrative access to
the network whenever administrators' workstations are left
unattended. Source: Microsoft.com
Standard Security Practices for Windows NT
Microsoft Knowledge Base Article: 166992 - Any security breach that requires access to administrative privileges needs to be dealt with using the appropriate security policy. This applies to all commercial operating systems, including Windows NT and UNIX. (updated 10/26/2000)
Stronger Passwords Aren't
In the real world, an eight-character mixed alphanumeric password is no more
secure than a simple four-character password according to Peter Tippett. If you
want to cut costs and solve problems, think clearly about the vulnerability,
threat and cost of each risk, as well as the costs of the purported mitigation.
Source: InfoSecurity Magazine
Ten Windows Password Myths
With all of our advances in security technology,
one aspect remains constant: passwords still play a
central role in system security. The problem is
that as creative as humans are, we are way too
predictable. If I asked you to make a list of
totally random words, inevitably some sort of
pattern will emerge in your list. This article is
meant to bring you closer to understanding
passwords in Windows 2000 and XP by addressing
common password myths. Source: SecurityFocus
Win2K Password Protection
Win2K's password protection is stronger than
NT's, but backward compatibility can leave Win2K systems vulnerable.
Source: Windows & .NET Magazine (Winter 2000) - subscription
ID may be required.