detecting lame passwords

Giganews Newsgroups
Subject: detecting lame passwords
Posted by:  G (gregstigers+w@spamcop.net)
Date: Tue, 12 Feb 2008

I know that the standard disclaimers apply: running certain security
auditing tools without permission may be criminally prosecutable, and at
least grounds for termination. With that happy thought in mind, what tools
would you recommend for finding who has a weak password? I've explained that
Winter07 is not a good password, but since Windows will accept it, I think
that some kind of auditing is my next prudent step.

Recommended products for preventing this in the first place are welcome as
well. But presenting a user with their password as evidence that they chose
a weak password seems to be hard to argue with.

My assumption is that such a tool would run under the admin account, and
that the tool itself should secured to said account.
________
Greg Stigers, MCSA
remember to vote for the answers you like

Replies