postfix-users July 2012 archive

Re: BCP on throttling outbound mail

From: Mark Blackman <mark_at_nospam>
Date: Wed Jul 25 2012 - 07:40:56 GMT
To: Ansgar Wiechers <lists@planetcobalt.net>

On 25 Jul 2012, at 08:20, Ansgar Wiechers wrote:

> On 2012-07-25 mouss wrote:
>> Le 24/07/2012 08:37, Stan Hoeppner a écrit :
>>> You'd think human beings would be smart enough to follow directions
>>> and use strong passwords, AV software, etc, and not fall for phishing
>>> scams. Your adversary in this war isn't the spammers, it's not the
>>> technology, but your users.
>>
>> oh come on! the "users" excuse is way too old. if your software accepts
>> weak passwords, then the problem is with the software, not the user.
>
> I'd have to disagree on this one. How do you measure strength or
> weakness of a password?
>
> Length? Is "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" strong?
>
> Complexity? Is "Passw0rd" strong?
>
> A combination of the above? Is "JosephAverage4/1/1999" strong?
>
> Frequent password changes? Is "simplepassword##" strong? (## being a
> sequential number)
>
> How do you effectively protect your infrastructure against users or
> (worse) customers writing their passwords on PostIts and leaving them
> around? How do you effectively protect your infrastructure against
> customers getting their own systems compromised?
>
> If you happen to have a solution for this problem, I'm honestly
> interested in learning about it, because I don't see any.

Isn't the conventional wisdom that a long password consisting of 3 or 4
common but longer words is sufficient and memorable, along the lines
of the famous XKCD panel?

Obviously there's more to it than that, but I didn't think there was
much disagreement about the ideal form of a memorable and strong password.
It's a given that your attacker will have an idea what form of password
to test for, if not the actual password.

Mark
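The thread above argues about how password "strength" should be measured: a length-times-character-class meter rates Ansgar's four examples as strong, while an attacker who tries dictionary words, leet substitutions, word-plus-number and name-plus-date shapes first cracks them cheaply, and the XKCD-style passphrase Mark mentions gets its strength from the number of words drawn uniformly from a list, not from character classes. The following is an added worked example, not code from the mailing list or from Postfix, that puts numbers on both views. The word lists, the assumed 100,000-entry attacker dictionary, and the assumption that the attacker already knows the account holder's name (so "JosephAverage" costs nothing) are all constructed for illustration.

```python
import math
import re
import secrets

# Constructed stand-in for a diceware list (a real one has 7776 words);
# only used so generate_passphrase() runs offline. Entropy is computed
# from the list size you pass in, not from this toy list.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "cloud", "river", "pencil", "orbit"]

# Constructed, illustrative set of words any cracking wordlist contains.
COMMON_WORDS = {"password", "simplepassword", "welcome", "letmein"}

# Common leet substitutions an attacker's mangling rules undo.
LEET = str.maketrans("0134$@", "oieasa")


def charset_size(pw: str) -> int:
    """Alphabet size implied by the character classes present in pw."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33          # printable ASCII punctuation
    return size


def naive_entropy_bits(pw: str) -> float:
    """What a 'length x complexity' meter reports: log2(charset ** len)."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def attacker_entropy_bits(pw: str, dict_size: int = 100_000) -> float:
    """Approximate bits of work for an attacker who tries cheap password
    shapes before brute force. Each branch models one guessing strategy;
    the result is the cheapest strategy that fits the password."""
    estimates = [naive_entropy_bits(pw)]       # brute force as the fallback

    # 1. One repeated character: guess the character and the length.
    if pw and len(set(pw)) == 1:
        estimates.append(math.log2(charset_size(pw)) + math.log2(len(pw)))

    # 2. Dictionary word with capitalisation/leet mangling ("Passw0rd"):
    #    one dictionary lookup plus ~16 mangling variants (4 bits, assumed).
    if pw.translate(LEET).lower() in COMMON_WORDS:
        estimates.append(math.log2(dict_size) + 4)

    # 3. Dictionary word plus a short numeric suffix ("simplepassword17").
    m = re.fullmatch(r"([A-Za-z]+)([0-9]{1,4})", pw)
    if m and m.group(1).translate(LEET).lower() in COMMON_WORDS:
        estimates.append(math.log2(dict_size) + len(m.group(2)) * math.log2(10))

    # 4. Name + date ("JosephAverage4/1/1999"): the account holder's name is
    #    assumed known to the attacker, so only a date within a century
    #    (365 * 100 possibilities) remains to be guessed.
    if re.fullmatch(r"([A-Z][a-z]+){1,3}\d{1,2}/\d{1,2}/\d{4}", pw):
        estimates.append(math.log2(365 * 100))

    return min(estimates)


def passphrase_entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of n words chosen uniformly at random from a list of list_size
    words; the attacker is assumed to know the list and the scheme."""
    return n_words * math.log2(list_size)


def generate_passphrase(n_words: int = 4, words=SAMPLE_WORDS) -> str:
    """Diceware-style passphrase using a CSPRNG (secrets, not random)."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ["a" * 34, "Passw0rd", "JosephAverage4/1/1999", "simplepassword17"]:
        print(f"{pw:24s} meter={naive_entropy_bits(pw):6.1f} bits  "
              f"attacker={attacker_entropy_bits(pw):5.1f} bits")
    print(f"4 words from 2048:  {passphrase_entropy_bits(4, 2048):.1f} bits")
    print(f"4 words from 7776:  {passphrase_entropy_bits(4, 7776):.1f} bits")
    print("example passphrase:", generate_passphrase())
```

The meter column is what a complexity policy rewards; the attacker column is the work an attacker with ordinary wordlists and mangling rules actually faces. Four words from a 2048-word list give the 44 bits of the XKCD panel, and four from a 7776-word diceware list about 52 bits, under the assumption that the words are chosen by the machine, not by the user.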