| Read this whole guide offline with no ads, for a low price! |
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31) |
|
| Need more practice? 300 additional Security+ questions! |
| Get It Here! |
|
|
1.4.11 Password Guessing
A 'black hat' will have in their
toolkit several password guessing programs, which automate
the process of rapidly testing many potential passwords for a given
account. The most commonly used password guessing method is the
dictionary attack (See 1.4.11.2)
Typically systems help guard against
this by logging login attempts, perhaps flagging unsuccessful attempts
in big red letters. Also make sure that if your system offers the availability
to lock a user account after some number of unsuccessful login attempts,
that you use it (somewhere around 3 to 5 seems to be the “magic
number” of attempts usually tolerated before you should get worried
that someone’s trying to guess a password).
|
Quick navigation to subsections and regular topics in this section
|
| If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support! |
|
|
Home -
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.
|
