Jim Lawrence
accessd at shaw.ca
Thu Aug 11 10:29:29 CDT 2011
I tend to like increasing the size of a password as that eliminates just about all hacking. Throw in a few mixed case, numbers and special characters and you have it sewed up.

I do not tend to go with a random character generated value as the chances of me or anyone else remembering it is highly unlikely. This just makes the user write the passwords down and store them near their station...under the keyboard is a standard practice.

From the other post, when it comes to SQL logins, I like to make the password close to uncrackable and this can be done by salting the password. When the person logs in through Access the password is good but not super but when the system locks them on to the SQL server it adds up the password. This makes it so no person, other than via the Access application can get access to the data.

Access password: George_ Fennimore at 38
Salt: <DogsBreatheAlberta2001
Users SQL PW: George_ Fennimore at 38<DogsBreatheAlberta2001

It is easy to remember as George Fennimore, at age 38, came from Dogs breathe Alberta in 2001. (Everyone comes from the hick town of Dogs breathe, Alberta, in 2001) ;-)

Jim

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of John Bartow
Sent: Thursday, August 11, 2011 7:50 AM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Cross post - Password security

Hi Jim,

Given that, what would he recommend for password discipline?

I've personally gone to 16 characters or more auto generated, random passwords using all characters allowed by a site. I honestly don't know too many passwords anymore. Pretty much just the one to open my password manager.

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jim Lawrence
Sent: Thursday, August 11, 2011 9:06 AM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Cross post - Password security

Here is a comment for a very good systems guy on that level and type of password:

"Yep. I saw that. Unfortunately, it is flawed. Reason being that the average person only has a small vocabulary and therefore this does not increase the entropy as much as suggested. In fact, a four word password could easily be cracked within a few days with current CPU/GPU technology. It's a nice idea though, which does lead to decent password strength if you tweak the idea a bit with something like putting x many underscores in front of the password and something like that. A bit like salting your hash function."

Jim

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
Sent: Wednesday, August 10, 2011 2:24 PM
To: 'Off Topic'; 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Cross post - Password security

Talk about co-incidence. Today's xkcd: http://xkcd.com/936/

--
Stuart

On 10 Aug 2011 at 20:57, Jon Tydda wrote:

> Hi all
>
> Someone just posted this on my wall on facebook, and it looks really
> interesting, thought I'd share it.
>
> https://www.grc.com/haystack.htm
>
>
> Jon
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com