Adult Webmaster Resources, Articles, News, Help Guides, Sites - CozyFrog.com !
    Password Security!
    By Daniel Mitchell | Writer @ CozyFrog | AUG.04.2004

How many characters should you have in your password? 8, 15, 30 characters? Ask any number of programmers and they will tell you that the safest is one that contains 25 characters, with a mixture of numbers as well. They will also say it is impossible to crack. Well, that may be true, especially if the average human had the capability to remember a 25-character password that was a mixture of both alphabetic and numerical characters.

For most people the only solution is to write the password down somewhere. Given the speed and capabilities of computers these days, it is clear that any password can be cracked. It will just take a little longer for some.

So is Size Important?

Definitely - but you do not have to go overboard with it. Obviously a two-letter password with someone's initials will be cracked using a pencil and paper, but creating a password that is too long will create more problems. You will probably forget it within minutes. As with anything in life, the best password is a balanced one, which is relatively easy to remember and at the same time difficult for others to crack. Inserting numbers into your password, even if it is just your name, will increase its effectiveness to another level.

Using spaces and phrases in your password will also make it very difficult to guess and you should be able to remember it a lot better. If you do not know if your password is safe enough a great site to check is:

All you need to do is enter a password and it will score the strength of your password based on a number of guidelines and then give suggestions on how to make your password stronger. A few suggestions from the site that are a great starting point include:

  • Use a password with mixed-case letters. Use uppercase letters throughout the password.
  • Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard.
  • Change passwords regularly. The more critical an account to network integrity the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.

Account Policies

Account policies affect how a user's account will interact with the computer or domain. Inside Account policies you will see three subsets:

  • Password policy
  • Account lockout policy
  • Kerberos policy

In this article I will be concentrating on Password policy. Password policies are primarily used for DOMAIN and LOCAL accounts. They determine settings for passwords ranging from their lifetimes to their complexities. When you select password policy you will see six parameters, which you are able to change if you need to.

The Six Parameters Include:

  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Maximum password length
  • Password must meet complexity requirements
  • Store password using reversible encryption for all users in the domain

Most people, especially administrators, know that incorrectly configured password settings cause a lot of headaches and problems. So today I thought we would go through some of the major parameters that you will most likely deal with and try to prevent some of the stress.

A common problem is that most users will rarely or never change their password, and if they do change it, they change it back to a password they are familiar with. 'Enforce password history' can be set to any value between 0-24 and allows you to set the number of password changes a user must go through before reusing the same password. Making sure that the 'Minimum password age' is correctly configured is also an important step. The environment in which the passwords are being used will no doubt determine the appropriate length.

For example in a school environment you may set the minimum password age so that students have to change their password each term whereas in a company you may want the employees to change their password monthly.

When setting the 'Maximum password age' it is not really useful having a low setting as that will allow the user to change their password too frequently. Microsoft recommends anything between 30 and 60 days, but has set the default at 42 days, which should be suitable for the majority of users. Most problems, however, arise from complexity issues.

The 'Password must meet complexity requirements' setting has a couple of great advantages.

Firstly, it will force the user to create a password that is difficult to crack rather than just using an initial or a name. Secondly, just by enabling this policy it will automatically set the minimum password length to six characters and prevent the user from using any part of their logon name. The user will also find that a password made up of only numbers, all lower case letters or all upper case letters will not be accepted. Having a setting like this in place will ultimately force the user to create a password that meets at least 3 of the following criteria:

  • Lower case letters (a through z)
  • Upper case letters (A through Z)
  • Base 10 digits (0 through 9)
  • Non-alphabetic characters (!, $, %, @, &)
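
The rule described above, written out as a checker. This is an added example, not code from the original article or from Windows itself; the function name `complexity_failures`, the user `dmitchell` and the sample passwords are constructed for illustration, and the logon-name comparison is a simplified assumption.

```python
import string

# The four character categories listed above; a password must draw on three.
CATEGORIES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    # Assumption: any ASCII punctuation counts as the fourth category.
    "symbol": string.punctuation,
}
MIN_LENGTH = 6        # length the article says the policy enforces
MIN_CATEGORIES = 3


def complexity_failures(password, logon_name):
    """Return the reasons a password is rejected (empty list = accepted)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    # Assumption: compare case-insensitively and skip names under 3
    # characters, which would otherwise match almost any password.
    if len(logon_name) >= 3 and logon_name.lower() in password.lower():
        failures.append("contains the logon name")
    used = [name for name, chars in CATEGORIES.items()
            if any(c in chars for c in password)]
    if len(used) < MIN_CATEGORIES:
        failures.append("uses only %d of 4 character categories" % len(used))
    return failures


if __name__ == "__main__":
    # Constructed sample inputs for a hypothetical user "dmitchell".
    for candidate in ["daniel", "12345678", "Dmitchell2004!", "Password1"]:
        result = complexity_failures(candidate, "dmitchell")
        verdict = "accepted" if not result else "; ".join(result)
        print("%-18r %s" % (candidate, verdict))
```

`Password1` is accepted: the rule measures character variety, not how guessable the password is, so it works best alongside the history and age settings.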

The final setting you will see is 'Store password using reversible encryption for all users in the domain'. This policy is in place to support applications that require knowledge of the user's password for authentication purposes. In other words, storing passwords using reversible encryption is like having a plaintext version of your passwords for all to see. This particular setting is disabled by default and should remain so unless the requirements of the application you are running outweigh the need to protect your password information.

Once you have understood how all these policies work and how they can be used together, it becomes rather easy to implement the settings you need to function securely without any headaches. Take the time to test out each policy setting in depth in order to devise a scheme to suit your particular needs.
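
The settings discussed above can be checked against an exported copy of the policy. The following is an added example, not code from the original article; it assumes the `[System Access]` key names that `secedit /export` writes, the sample file is constructed, and the last check is an addition that the article does not make.

```python
import configparser

# Constructed sample of the [System Access] section that
# `secedit /export /cfg policy.inf` writes on Windows (the real file is UTF-16).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 90
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
ClearTextPassword = 1
"""


def audit_password_policy(inf_text):
    """Return {setting: finding} for values that depart from the advice above."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str          # keep the keys' original capitalisation
    parser.read_string(inf_text)
    access = parser["System Access"]

    def value(key):
        return access.getint(key, fallback=0)

    findings = {}
    if value("PasswordHistorySize") == 0:
        findings["PasswordHistorySize"] = "no history kept; old passwords can be reused"
    if not 30 <= value("MaximumPasswordAge") <= 60:
        findings["MaximumPasswordAge"] = "outside the 30-60 day range cited above"
    if value("PasswordComplexity") != 1:
        findings["PasswordComplexity"] = "complexity requirements are disabled"
    if value("ClearTextPassword") != 0:
        findings["ClearTextPassword"] = "reversible encryption is enabled"
    # Added check, not from the article: with a minimum age of 0 a user can
    # change passwords repeatedly in one sitting and cycle through the history.
    if value("MinimumPasswordAge") == 0 and value("PasswordHistorySize") > 0:
        findings["MinimumPasswordAge"] = "history can be cycled through immediately"
    return findings


if __name__ == "__main__":
    for setting, finding in audit_password_policy(SAMPLE_INF).items():
        print("%-22s %s" % (setting, finding))
```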


By Daniel Mitchell | Writer @ CozyFrog
Daniel has been a webmaster for several years and has worked on and designed various adult and commercial websites. He has written numerous articles for several webmaster resources and hangouts. He now calls CozyFrog his new home and is enjoying every minute of it.