Educate users about strong passwords
General concepts in security escape most end users, pointy-haired bosses, and other decision-makers, and even some junior administrators. While the more senior technologists may not ever hope to get them to relate to the finer points of DMZs and VLANs, we should at least continue to push and educate in the area of passwords.
Cracking passwords is incredibly easy. I learned how to crack passwords only days after I figured out how to get Linux to recognize my dialup modem. My 14-year-old brother taught me. A user with a recent Pentium-class desktop can launch a brute-force password attack that can try upwards of 10 million word variations per second. Keep in mind that an attacker needs only one match, one IP address, and one rootkit or other privilege escalation routine to make your life a living hell.
By Brian Jones at Linux.com