password requirements Archives - The Silicon Underground

Home » password requirements

Why I don’t scan networks with my own credentials

Dave Farquhar security, War Stories March 3, 2015March 3, 2015password requirements

I scan the network I’m paid and sworn to protect on a nearly daily basis. I experienced a problem with the account I use for that, and I tested by scanning a small quantity of machines (my own and my cubicle neighbor’s) with my own account to make sure the problem was the account, not the tool.

Fixing the account has become a problem–my boss’ problem now–but when I told him about it, I said I could scan the network with my personal admin account, but didn’t want to. One reason has to do with liability and HR. The other, believe it or not, is technical.

When your CISSP isn’t enough

Dave Farquhar security April 24, 2013April 23, 2013cissp, password database, password requirements, passwords

I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least.

Let’s do some post-mortem.

Although it’s counterintuitive, AT&T’s new password policy makes sense

Dave Farquhar security April 4, 2013April 4, 2013AT&T, leaks, password list, password requirements, passwords

AT&T has a new password policy that forbids the use of certain common words in passwords, including some words of a colorful nature.

Yes, it reduces the number of possible passwords, but that isn’t exactly a bad thing.

The problem with dictionary passwords

Dave Farquhar security February 11, 2013July 5, 2018CISPA, password requirements, passwords, piracy

Consulting firm Deloitte is warning that 8-character passwords will be obsolete this year. Sound familiar? Of course, the Slashdot crowd blamed it as security “experts” (their words) creating hype to make money.

Well, I’m a certified security professional who doesn’t have a dog in this fight, except that I don’t want your accounts getting stolen. So here’s the problem with many of the solutions the Slashdot crowd posed.

Some lessons from cracking the compromised Linkedin password database

Dave Farquhar security June 12, 2012command prompt, decent password, LinkedIn, password database, password requirements, password strength, passwords, randomness

Here’s a blow-by-blow account of a security researcher’s attempts to crack the compromised Linkedin database. This is a very good example of ethical hacking.
Read more