Talk:Password policy

From Wikipedia, the free encyclopedia

Can management force you to share your personal password with your co-worker?

Can they? Probably; it's their company. Should they? In other words, is it a reasonable security practice? Certainly not. Petershank 05:01, 17 March 2007 (UTC)

Security??

I have a question. This obviously helps against dictionary attacks, but wouldn't using something so restrictive as the idea of Environ passwords DECREASE security by decreasing the number of passwords a person could use, therefore increasing the probability that the attacker (probably knowing the rules for a possible (used) password) could attack at this point (the point of password-level security)? For instance:

C  V  C  C  V  C  N  N
versus
AN AN AN AN AN AN AN AN

where

C = consonant (of which there exist 21)
V = vowel (of which there exist 5)
N = number [digit] (of which there exist 10 (1-9 and 0))
AN = alphanumeric (of which there exist 26 + 10 = 36)

the number of possible (assuming both are case-insensitive) passwords is:

first password:
21 x 5 x 21 x 21 x 5 x 21 x 10 x 10 = 486202500
second password:
36 ^ 8 =                          2821109907456

Clearly, using such a system, while cutting down on some attacks, will increase the level of other attacks and (by probability) decrease the level of overall security by (drumroll please): a factor of approximately

5802.3352563098708871303623490212.

http://wims.unice.fr/wims/wims.cgi factors numbers for people using windoze; Linux has factor(6) and factor(6) [at least mine does], and I've never used a Mac. Sorry. (This is in case you want to check my numbers. Please do; I'm not that sure they're right.)
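Added example, not part of the original comment: a check of the figures above, generalized to any pattern built from the comment's C/V/N/AN classes. The function names are assumptions of this example, and the entropy figure assumes passwords are chosen uniformly at random within each pattern.

```python
import math
from itertools import product

# Character classes exactly as defined in the comment (case-insensitive).
CLASSES = {
    "C": "bcdfghjklmnpqrstvwxyz",                   # 21 consonants
    "V": "aeiou",                                   # 5 vowels
    "N": "0123456789",                              # 10 digits
    "AN": "abcdefghijklmnopqrstuvwxyz0123456789",   # 36 alphanumerics
}


def keyspace(pattern):
    """Number of distinct passwords matching a space-separated pattern."""
    return math.prod(len(CLASSES[tok]) for tok in pattern.split())


def entropy_bits(pattern):
    """log2 of the keyspace: bits of entropy under uniform random choice."""
    return math.log2(keyspace(pattern))


def enumerate_count(pattern):
    """Count by generating every candidate; a cross-check for short patterns."""
    pools = (CLASSES[tok] for tok in pattern.split())
    return sum(1 for _ in product(*pools))


def compare(restricted, unrestricted):
    """Keyspaces, reduction factor and entropy lost by the restricted policy."""
    r, u = keyspace(restricted), keyspace(unrestricted)
    return {
        "restricted": r,
        "unrestricted": u,
        "factor": u / r,
        "bits_lost": entropy_bits(unrestricted) - entropy_bits(restricted),
    }


if __name__ == "__main__":
    result = compare("C V C C V C N N", "AN AN AN AN AN AN AN AN")
    for name, value in result.items():
        print(f"{name:>12}: {value}")
    # Cross-check the product formula against real enumeration on a short pattern.
    print("C V N enumerated:", enumerate_count("C V N"), "formula:", keyspace("C V N"))
```

The reduction factor of about 5802 corresponds to roughly 12.5 bits of entropy lost relative to eight unrestricted alphanumeric characters.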