InfoWorld Security Boot Camp: Day 8: Test the strength of your password policy
 
September 30, 2009
 
 
YOUR ASSIGNMENT TODAY: Test the strength of your password policy.
 
WHY DO IT: A complex, six- to eight-character password may have been sufficient 10 years ago, but it's certainly not today. Moreover, most companies still lack an adequate auditing system to alert admins to repeated failed logon attempts. So a remote attacker can enumerate all of your external access and guess away against your administrator account until he or she breaks it.
 
HOW TO DO IT: Download our password-guessing calculator spreadsheet, input your password policy (length, character set, maximum age, and whether complexity is enabled), select a password entropy model, and enter the number of guesses per minute that an attacker can attempt. The spreadsheet will calculate how easily your passwords will give way under attack.
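The same kind of calculation can be sketched in Python as an added example; it is not the spreadsheet's own formulas. The function names are hypothetical, and the two entropy models (uniformly random characters, and the NIST SP 800-63 (2006) Appendix A estimate for user-chosen passwords) are assumptions about what "entropy model" could mean here.

```python
import math

MINUTES_PER_DAY = 60 * 24

def uniform_bits(length, charset_size):
    """Entropy in bits if every character is picked uniformly at random."""
    return length * math.log2(charset_size)

def nist_bits(length, complexity):
    """Estimate for user-chosen passwords (NIST SP 800-63, 2006, Appendix A):
    4 bits for the first character, 2 bits each for characters 2-8,
    1.5 bits each for 9-20, 1 bit each after that, plus 6 bits when a
    composition (complexity) rule is enforced."""
    bits = 0.0
    for pos in range(1, length + 1):
        if pos == 1:
            bits += 4
        elif pos <= 8:
            bits += 2
        elif pos <= 20:
            bits += 1.5
        else:
            bits += 1
    return bits + (6 if complexity else 0)

def assess(length, charset_size, max_age_days, complexity,
           guesses_per_minute, model="nist"):
    """Return entropy, the chance a password is guessed before it expires,
    and the average number of days of guessing needed to find it."""
    if model == "nist":
        bits = nist_bits(length, complexity)
    else:
        bits = uniform_bits(length, charset_size)
    keyspace = 2 ** bits
    guesses_before_expiry = guesses_per_minute * MINUTES_PER_DAY * max_age_days
    return {
        "bits": bits,
        "p_guessed_before_expiry": min(1.0, guesses_before_expiry / keyspace),
        "avg_days_to_guess": (keyspace / 2) / (guesses_per_minute * MINUTES_PER_DAY),
    }

if __name__ == "__main__":
    # Constructed sample policy: 8 characters, 94 printable symbols,
    # 90-day maximum age, complexity on, 1,000 guesses per minute.
    for model in ("nist", "uniform"):
        print(model, assess(8, 94, 90, True, 1000, model))
```

The gap between the two models is the point of the exercise: the same policy looks strong if users pick characters at random and weak if they choose passwords the way people usually do.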
 
RECOMMENDED READING: "Test the strength of your password policy," Infoworld.com