Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pass Phrase instead of Password


  • Please log in to reply

#1
trpum1c1

trpum1c1

    New Member

  • Member
  • Pip
  • 3 posts
Dear Friends,

I wanted your help to understand if either there is any inbuilt capability in Windows 7 or if there is any software which provides the capability to user to input a Phrase upon which the software will prompt a strong password which meets the Organization capabilities for password policy.

Regards,
Prasad
  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,047 posts
  • MVP
what?

what exactly are you talking about? logging into windows? or are you making custom software?
  • 0

#3
trpum1c1

trpum1c1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi dsenette,

Typical problem faced by users - even senior mgt for that matter is the time spent while setting the new password. Due to password policies which force the user to set a strong password with Alpha numeric combination and with policies which prevent repeat of last 5 passwords, it takes multiple tries from the user to set his/her password.

We have 2 options to resolve that:

1. Ensure that if the new password is not accepted, the pop up should give the conflict with the particular policy for which the password failed.

2. Look for solution which will allow the user to input a Phrase and the system will generate a strogn password for it to use. E.g: The user inputs " The legend of the Falls". The system prompts [email protected]

Regards,
Prasad Patil
  • 0

#4
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,047 posts
  • MVP
i just read the article you mentioned. and i'm not sure that you've taken away from it what was intended. the basic concept of the article states that the longer the password, the harder it will be to crack as you're adding more possible options to the password.

basically the studies have shown that a moderately complex 12 character password that's not a word from the dictionary is the strongest (as with modern technology it would take a couple thousand years to crack). however it's difficult for a user to remember a 12 character word that's not in the dictionary. so instead you can make a 12 character phrase, as one word that would be equally (roughly) as safe as an 8 character random password

so in your last example:

ThelegendoftheFalls would actually be a fine password as it is. (though changing some of the letters to numbers or special characters would be better) it would take an immense ammount of time to actually come across that combination of words randomly through normal password breaking methods.

1. Ensure that if the new password is not accepted, the pop up should give the conflict with the particular policy for which the password failed.

in a windows domain, when you set strong password requirements, a popup is displayed....though it does give a more general explanation, it does list out what the current policy requires. strong password requirement on the domain means that the password has to be of a certain length (which isn't specifically mentioned in the prompt but your own company policy should be clear to the employees), and the password must contain certain character types (the prompt DOES highlight this requirement specifically). so as long as your password policy is known through out the company and explained before a user ever sets their own password, any issues are purely human error and not something that will be very easy to account for.

most employees, management especially, hate anything that makes them have to work a little harder, or think about something before they do it. they want to press print and have the paper show up on the printer on their desk instead of having to walk 10 feet to a shared printer. the only way to NOT have employees complain about a password policy is to not have one. period.

at a previous job (hospital) people complained about the password requirements so much before i ever got a logon that i was actually concerned about the policy being too difficult. once i finally got access i found out that the only requirement was that the password be 8 characters long and that you had to change your password every 6 months. there was no complexity requirement and no password history, so at most you had to remember 2 passwords and just alternate between the two twice a year.

the only way to actually fix this issue is to educate your employees and management to the importance of security and that a password is the first line of deffense
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP