Password Security Policy Question

From: L. Adrian Griffis (dt26453at_private)
Date: Tue Sep 10 2002 - 09:36:26 PDT

Next message: Roman Drahtmueller: "Re: Password Security Policy Question"

Previous message: GreyMagic Software: "RE: Who framed Internet Explorer and IE6 SP1"
Next in thread: Roman Drahtmueller: "Re: Password Security Policy Question"
Reply: Roman Drahtmueller: "Re: Password Security Policy Question"
Reply: Nate Lawson: "Re: Password Security Policy Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am aware of a company that has instituted a policy that limits a
specific character in people's passwords to being a numeric character.
Personally, I am confused at this policy.  It seems to me that
placing such a specific limit on a specific position in a password
simply reduces the number of guesses that someone would have to try
in a brute force attack.

Does anyone out there know if there is any theoretical basis for
believing that a policy to limit a specific character position
in passwords to a numeric character will enhance security.  If not,
does anyone know how such a misunderstanding might have occurred?

Adrian

Next message: Roman Drahtmueller: "Re: Password Security Policy Question"
Previous message: GreyMagic Software: "RE: Who framed Internet Explorer and IE6 SP1"
Next in thread: Roman Drahtmueller: "Re: Password Security Policy Question"
Reply: Roman Drahtmueller: "Re: Password Security Policy Question"
Reply: Nate Lawson: "Re: Password Security Policy Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 10 2002 - 11:10:44 PDT