Linux Today: Linux News On Internet Time.

Linux.com: SysAdmin to SysAdmin: Educate Users About Strong Passwords

Jul 22, 2004, 07:00
(Other stories by Brian Jones)

"Cracking passwords is incredibly easy. I learned how to crack passwords only days after I figured out how to get Linux to recognize my dialup modem. My 14-year-old brother taught me. A user with a recent Pentium-class desktop can launch a brute force password attack that can try upwards of 10 million word variations per second. Keep in mind that an attacker needs only one match, one IP address, and one rootkit or other privelege escalation routine to make your life a living hell.

"However, good passwords aren't a panacaea, either. We enforce good passwords where I work, and I've had more than one person who, after changing his password, immediately asked if I had a pen and paper. That's right folks, somewhere in the building you work in, there's a sticky note stuck to a monitor with a password written on it for all to see. What's more, even though you're a good admin and shut off all unencrypted means of authentication, it doesn't matter, because not everyone else has, and people use the same passwords all over the place..."
