[OWASP-Malaysia] Please Change Your Password For New Format Policy

5 views
Skip to first unread message

Harisfazillah Jamel

unread,
Oct 10, 2011, 5:02:16 PM10/10/11
to Open Web Application Security Project (OWASP) Malaysia Local Chapter, owa...@groups.facebook.com
Read it online

http://goo.gl/HZZCd
http://green-osstools.blogspot.com/2011/10/please-change-your-password-for-new.html
You are require to have a new password thats contain the following :-
Two upper case lettersTwo lower case lettersTwo numbersTwo special
characters (examples: @#$%^&*()_+|~-=\`{}[]:";'<>/)
Password must contain with minimum of 8 charactersPassword must be
changed on at least every 6 months
Your password is easy to be remembered but it is hard to guess.
You want it to be complex enough that it can’t be guessed, yet
meaningful enough that you can actually remember it. Use non-words but
associate them with a word. Imagine your pet’s name is Buddy, you live
on State Street, you’re 15, and you like to stargaze at night. A good
password for you would be BudStat15** - A Guide to Facebook Security
References :-
OWASP.my Discussion Group In Facebookhttps://www.facebook.com/groups/owaspmy/
Facebook Security Page and download E-book in PDF format A Guide to
Facebook Security.https://www.facebook.com/security
Password Policyhttp://en.wikipedia.org/wiki/Password_policy
SANS Institute Password
Policyhttp://www.sans.org/security-resources/policies/Password_Policy.pdf
_______________________________________________
OWASP-Malaysia mailing list
OWASP-M...@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-malaysia

OWASP Malaysia Wiki
http://www.owasp.my

OWASP Malaysia Facebook
http://www.facebook.com/OWASP.Malaysia

OWASP Malaysia Twitter #owaspmy
http://www.twitter.com/owaspmy

David Fetter

unread,
Oct 10, 2011, 5:15:19 PM10/10/11
to owasp-m...@lists.owasp.org
Would someone please show me a threat model with the following
characteristics?

1. Cryptanalytic attacks are plausible.

2. Within the context of 1 above, how this policy could solve more
problems than it causes.

Thanks in advance :)

Cheers,
David.

--
David Fetter <da...@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david....@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

Harisfazillah Jamel

unread,
Oct 10, 2011, 5:25:54 PM10/10/11
to Open Web Application Security Project (OWASP) Malaysia Local Chapter
None .....

On Tue, Oct 11, 2011 at 5:15 AM, David Fetter <da...@fetter.org> wrote:
> Would someone please show me a threat model with the following
> characteristics?
>
> 1.  Cryptanalytic attacks are plausible.
>
> 2.  Within the context of 1 above, how this policy could solve more
> problems than it causes.
>
> Thanks in advance :)
>
> Cheers,
> David.

David Fetter

unread,
Oct 10, 2011, 6:15:18 PM10/10/11
to owasp-m...@lists.owasp.org
Was that your point in posting this?

Cheers,
David.

--

David Fetter <da...@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david....@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

Reply all
Reply to author
Forward
0 new messages