Re: Debian Server restored after Compromise

On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:
> > An investigation of developer passwords revealed a number of weak
> > passwords whose accounts have been locked in response.
> That's not good.  
> Should we maybe implement a stricter password policy?  Or maybe only
> allow pubkey ssh authentication?

I would go for periodically cracking passwords; those found with weak passwords
will have their accounts locked.
Note also that having pubkey ssh keys without a keyphrase is quite pointless and
(IMO) way more dangerous than a weak login password.

Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

A child of five would understand this. Send someone to fetch a child of five.
-- Groucho Marx
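
An audit for the passphrase-less private keys mentioned in the message above, as an added example that is not part of the original post. It goes beyond the key files of 2006 by also covering PKCS#8 and the newer `openssh-key-v1` container; the function names and the sample keys are constructed for illustration and hold no real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(pem_text):
    """True/False for passphrase protection, None if not a recognised private key."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8, encrypted
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])    # length of ciphername
        cipher = blob[off + 4:off + 4 + n]
        return (cipher != b"none") if len(cipher) == n else None
    # Legacy PEM (RSA/DSA/EC): encryption is announced by a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])

def unprotected(keys):
    """Names of the keys (name -> file text) that are stored without a passphrase."""
    return sorted(name for name, text in keys.items() if key_is_encrypted(text) is False)

# Constructed samples: correct headers, placeholder bodies, no real key material.
def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def sample_openssh(cipher, kdf):
    blob = OPENSSH_MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(b"")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLES = {
    "legacy_plain": "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "legacy_enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                  "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "openssh_plain": sample_openssh(b"none", b"none"),
    "openssh_enc": sample_openssh(b"aes256-ctr", b"bcrypt"),
}

if __name__ == "__main__":
    print(unprotected(SAMPLES))
```

The check reads only the file header, so it says whether a passphrase is set, not whether that passphrase is strong.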
