[OWASP-Malaysia] Please Change Your Password For New Format Policy

David Fetter david at fetter.org
Mon Oct 10 17:15:19 EDT 2011


Would someone please show me a threat model with the following
characteristics?

1.  Cryptanalytic attacks are plausible.

2.  Within the context of 1 above, how this policy could solve more
problems than it causes.

Thanks in advance :)

Cheers,
David.
On Tue, Oct 11, 2011 at 05:02:16AM +0800, Harisfazillah Jamel wrote:
> Read it online
> 
> http://goo.gl/HZZCd
> http://green-osstools.blogspot.com/2011/10/please-change-your-password-for-new.html
> You are require to have a new password thats contain the following :-
> Two upper case lettersTwo lower case lettersTwo numbersTwo special
> characters (examples: @#$%^&*()_+|~-=\`{}[]:";'<>/)
> Password must contain with minimum of 8 charactersPassword must be
> changed on at least every 6 months
> Your password is easy to be remembered but it is hard to guess.
> You want it to be complex enough that it can’t be guessed, yet
> meaningful enough that you can actually remember it. Use non-words but
> associate them with a word. Imagine your pet’s name is Buddy, you live
> on State Street, you’re 15, and you like to stargaze at night. A good
> password for you would be BudStat15** - A Guide to Facebook Security
> References :-
> OWASP.my Discussion Group In Facebookhttps://www.facebook.com/groups/owaspmy/
> Facebook Security Page and download E-book in PDF format A Guide to
> Facebook Security.https://www.facebook.com/security
> Password Policyhttp://en.wikipedia.org/wiki/Password_policy
> SANS Institute Password
> Policyhttp://www.sans.org/security-resources/policies/Password_Policy.pdf
> _______________________________________________
> OWASP-Malaysia mailing list
> OWASP-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> 
> OWASP Malaysia Wiki
> http://www.owasp.my
> 
> OWASP Malaysia Facebook
> http://www.facebook.com/OWASP.Malaysia
> 
> OWASP Malaysia Twitter #owaspmy
> http://www.twitter.com/owaspmy

-- 
David Fetter <david at fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter at gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate


More information about the OWASP-Malaysia mailing list