As systems administrators and security folks, we've all had our fill of our users and customers using simple passwords. Most operating systems now enforce some level of password complexity by default, with options to "beef up" the password requirements.
The prevailing wisdom today is to use passphrases - demonstrated nicely by our bud at xkcd - http://xkcd.com/936/
So I routinely have very long passphrases for public-facing accounts. Imagine my surprise when I was creating a new account on a major cloud service (the one that starts with an "O" and ends with a "365"), and found that I was limited to a 16 character password.
Needless to say I have a case open to see if that limit can be removed. I'm not looking for no limit / invitation to a buffer overflow status on the password field, but something bigger than 16 would really be appreciated!