Dont use passwords on Windows network

**skroo** · October 17, 2004, 11:49

Originally posted by mikedc1760

http://blogs.msdn.com/robert_hensing...28/199610.aspx

I thought this was preety interesting.

Good lord... He's just rehashed something everyone's known for years.

**atripes** · October 17, 2004, 13:13

obviously he works for emsoft.

**mikedc1760** · October 17, 2004, 14:36

Eh ok, you can delete it then.

**skroo** · October 17, 2004, 21:58

Originally posted by mikedc1760

Eh ok, you can delete it then.

No, it stands - it's relevant, just not anything new or exciting.

However, this article might be worth looking into for some insight on how to better choose and protect passwords and why. Though Windows-centric, many of the basic concepts presented can be applied to pretty much any OS using passwords for authentication.

**Gadsden** · October 18, 2004, 10:01

I like Bruce Schneier's idea of requiring users to have a 2-part password; one part easy to remember, the other part difficult. They then write the hard half down and put it in a "secure" place (wallet, etc), and the other have must be memorized. While a tad difficult to enforce and not perfect, it is better than requiring users to remember "#$%GVSd14ed" as a password.

I personally prefer passphrases, with random characters tossed in.

**LiveWire** · October 18, 2004, 10:53

How about just not using windows?

From what I've experianced the entire OS is a security risk if you dont know what you're doing. The only thing that seconds windows as entirely shitty is AOhell (AOL)

**Voltage Spike** · October 18, 2004, 11:40

No Religious Wars, Please

Originally posted by LiveWire

How about just not using windows?

Although the word "Windows" is in the title, the principle idea applies to all systems. My guess is that Windows does not use a challenge/response authentication mechanism, and, as a result, is more vulnerable. However, your Linux (just to pick one example) passwords are just as vulnerable if someone gets the shadow file.

Originally posted by LiveWire

From what I've experianced the entire OS is a security risk if you dont know what you're doing. The only thing that seconds windows as entirely shitty is AOhell (AOL)

We have discussed the issue of Microsoft Windows security before, and you aren't going to get much support in these forums. Every user-friendly system is weak until someone tightens the system down. You might have had a point ten years ago, but things have changed quite a bit since then.

**LiveWire** · October 18, 2004, 12:33

Thanks for not being an ass. Most people, I thought, would be an ass to me. But hey, maybe I'm wrong. I know I'm looking forward to Longhorn, because its supposed to kick major ass. Dont get me wrong, I use windows but I keep my box secure for the most part. I dont claim to be 'leet' or good wth computers, but I know that I dont like windows all that much. I'm just not a Microsoft fan at all.

**mobility** · October 18, 2004, 15:10

Interesting albeit dated read. I remember reading different articles with similar content in the past. It still doesnt address hash insertion, but oh well.

Dont use passwords on Windows network

Dont use passwords on Windows network

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment