Mailing List Message #103542
From: Tom Rymes <>
Subject: Re: Tracking down a broken login password and subsequent attack
Date: Tue, 18 Sep 2012 12:45:58 -0400
To: CommuniGate Pro Discussions <>
On 09/17/2012 6:47 PM, Philip Slater wrote:


Password security is the big item in this as it is really surprising in my experience just how many people use weak passwords.

Fortunately, in version 6.0 we will have a password strength option.

Also for those interested, please email me directly if you are interested in a script that checks the password against the user name as well as against the top 500 commonly used passwords. (Works against plaint text and A-CRPT stored passwords).

One side note to pass on to your users and a joke I like to tell regarding security.

Teach users about simple '1337/leet' speak. i.e. use symbols and numbers for letter/phrase replacement: 2b0rn0t2b !!m@xw3|| th1$&th@

Joke: The IT specialist in charge of security is walking around the office when he sees one of the dimmer users start typing in an exceptionally long password into the system. They say to the user. 'I am impressed with the length of your password, while I can retrieve it from the source, I would like to ask what it is and how you came up with it. The user responds, 'Well it is mickeyminnydonaldgoofyhughiedeweylouiesacrament and I don't know why you are impressed with it since it was your password policy letter that told me how to set it up.' "Really? Do tell." asked the specialist. "Well you said it had to be seven characters long and include a capital."


That joke and the whole topic makes me want to refer to the xkcd comic located here:

Every time I find myself or my users struggling to find some password that will satisfy the Windows complexity rules I think of it.

The (unintentionally) funniest part of the joke is that the "dimmer user" being made fun of actually had the strongest password in the whole office and probably one of the easiest to remember.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster