Managing Passwords

Left to their own devices, people will not pick very good passwords. Yet we need them to pick longer ones to protect themselves. To reconcile that dilemma, we need to rethink some old concepts that many hold as truth.

Use Other Authenticators

First, a password that the user does not know is better than one the user does know. If you use smart cards and configure the system to require smart card logon, every account will still have a password, but it will be a long and random one. Its hash can still be stolen from any computer that the user logs on to, provided that malware running with operating-system privileges is present on that computer, but the password itself, for all practical purposes, can never be guessed.
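As an added example that is not from the book, the following PowerShell audits the members of a few privileged groups for the "Smart card is required for interactive logon" flag that produces the random password described above, and previews enforcing it. It assumes the ActiveDirectory RSAT module is available and that the group names listed exist in the target domain.

```powershell
# Added example, not from the book. Assumes the ActiveDirectory RSAT module
# and that the group names below exist in the target domain.
Import-Module ActiveDirectory

# Groups whose members should never rely on a human-chosen password.
# Constructed list; adjust to the domain's own privileged groups.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')

function Get-SmartCardLogonStatus {
    param([string[]]$Groups)

    foreach ($group in $Groups) {
        # -Recursive expands nested group membership; keep user objects only.
        $members = Get-ADGroupMember -Identity $group -Recursive |
                   Where-Object { $_.objectClass -eq 'user' }

        foreach ($member in $members) {
            $user = Get-ADUser -Identity $member.distinguishedName `
                        -Properties SmartcardLogonRequired, PasswordLastSet
            [pscustomobject]@{
                Group                  = $group
                SamAccountName         = $user.SamAccountName
                SmartcardLogonRequired = [bool]$user.SmartcardLogonRequired
                PasswordLastSet        = $user.PasswordLastSet
            }
        }
    }
}

# Report accounts that still depend on a password the user knows.
$status       = Get-SmartCardLogonStatus -Groups $PrivilegedGroups
$noncompliant = $status | Where-Object { -not $_.SmartcardLogonRequired }
$noncompliant | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# Setting the flag makes the domain controller replace the current password
# with a long random one, which is the property the text relies on.
# -WhatIf only previews the change; remove it to apply.
foreach ($acct in $noncompliant) {
    Set-ADUser -Identity $acct.SamAccountName -SmartcardLogonRequired $true -WhatIf
}
```

The flag addresses guessing, not hash theft: the account's hash is still exposed on any host where it logs on, so this audit complements, rather than replaces, limiting where privileged accounts log on.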

Record Passwords, Safely ...

Get Windows Server® 2008 Security Resource Kit now with the O’Reilly learning platform.
