
Re: understanding the logs

  • Simon Brereton
    Message 1 of 4 , Nov 8, 2011
      On 8 November 2011 02:53, Stan Hoeppner <stan@...> wrote:
      > On 11/8/2011 1:13 AM, Geert Mak wrote:
      >
      >> We had a user account hacked (weak password) and our SMTP server was used for sending spam. We discovered it after our mail server IP began to show up in RBLs. We improved the passwords, however the question is how best to watch the server in case a similar thing happens again.
      >
      > 1.  Create and enforce a minimum password complexity policy, preferably
      > on your web based account creation page, something like:
      >
      > http://www.webresourcesdepot.com/10-password-strength-meter-scripts-for-a-better-registration-interface/

      For password strength, I'm not sure the conventional wisdom of numbers
      and punctuation is relevant any more. They help when the attacker is
      known to you, but password length is a much better indicator of
      entropy resistance.

      http://xkcd.com/936/

      Simon
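
Added example (not part of the original thread or any poster's code): for the question quoted above about watching the server for a hijacked account, this sketch counts authenticated submissions per SASL user in a sliding time window and flags bursts or logins spread over many client IPs. It assumes Postfix smtpd syslog lines; the sample log, the thresholds and the name `flag_accounts` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; Postfix smtpd syslog format is an assumption.
SAMPLE_LOG = """\
Nov  8 02:15:00 mail postfix/smtpd[2101]: 1A2B3C4D01: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com
Nov  8 03:10:04 mail postfix/smtpd[2102]: connect from unknown[198.51.100.7]
Nov  8 03:10:05 mail postfix/smtpd[2102]: 1A2B3C4D02: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Nov  8 03:10:40 mail postfix/smtpd[2102]: 1A2B3C4D03: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Nov  8 03:11:15 mail postfix/smtpd[2103]: 1A2B3C4D04: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Nov  8 03:12:02 mail postfix/smtpd[2103]: 1A2B3C4D05: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Nov  8 03:12:30 mail postfix/smtpd[2104]: 1A2B3C4D06: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Nov  8 03:13:11 mail postfix/smtpd[2104]: 1A2B3C4D07: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Nov  8 09:40:00 mail postfix/smtpd[2105]: 1A2B3C4D08: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com
"""

# One match per message accepted from an authenticated client.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/\S*smtpd\[\d+\]: \w+: "
    r"client=\S+\[(?P<ip>[^\]]+)\], sasl_method=\S+, sasl_username=(?P<user>\S+)")

def flag_accounts(log_text, year, window=timedelta(minutes=10), max_msgs=5, max_ips=2):
    """Return {user: (peak messages, peak distinct IPs)} for users exceeding a limit."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["user"]].append((ts, m["ip"]))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            msgs = end - start + 1
            ips = len({ip for _, ip in evs[start:end + 1]})
            if msgs > max_msgs or ips > max_ips:
                prev = flagged.get(user, (0, 0))
                flagged[user] = (max(prev[0], msgs), max(prev[1], ips))
    return flagged

if __name__ == "__main__":
    for user, (msgs, ips) in flag_accounts(SAMPLE_LOG, 2011).items():
        print(f"ALERT {user}: {msgs} messages from {ips} IPs within the window")
```

Sensible thresholds depend on normal traffic for the site; a legitimate mailing-list sender may need a per-user exception.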