Re: [[cobalt-users] Passwords (was: Server Hacked?)]

["Robert Grimmett" <pageus@xxxxxxxxxxxxx>]

I order to truely "secure" the customers password, you really need to take
that option away..
in most of the ISPs that i have worked for, they take away the right to
choose a password on there own.  Thus takeing that part of the issue out of
the playbooks.
Develop your own algorythm for passwords and stick to it.

----- Original Message -----
From: Liz <daldog@xxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, February 14, 2000 1:40 AM
Subject: RE: [[cobalt-users] Passwords (was: Server Hacked?)]


> Not sure if this question has already been answered (just
> got on this tread) but if the customer has access to change
> their password, how does one enforce the customer to
> continue use a strong password?
>
> It seems to me that the only way to keep abreast of customer
> elected password changes is to decrypt all passwords on a
> regular basis in order to see how strong or weak they are
> --- yes/no?
>
> Liz
>
>
> ------Original Message------
> From: "Tony" <isplists@xxxxxxxxxxxx>
> To: cobalt-users@xxxxxxxxxxxxxxx
> Sent: February 13, 2000 4:18:52 PM GMT
> Subject: RE: [[cobalt-users] Server Hacked?]
>
>
> This can happen on ANY machine. If you find a machine that's
> hack-proof let
> us know.
> How could it happen? By not enforcing a strong password
> policy is one way.
> Perhaps
> a user called joe with a password of joe. Once a hacker
> finds something like
> that he's
> in your machine and the rest is simple. Make your users
> choose strong
> passwords.
>
> ______________________________________________
> FREE Personalized Email at Mail.com
> Sign up at http://www.mail.com?sr=mc.mk.mcm.tag001
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>