What are good password rules and length-reqs? Password cracking software?
Posted on 2003-03-19
We are using soft certificates stored as PKCS#12 tokens. The only security to protect them is a password. Further, it is not possible to revoke/abort after i.e. 3 password attempts. The certificates have a lifespan of one year.
We need to better understand how to help users choose a good password, and would need a tool to understand how easy it is to crack a password. Is there any good literature (preferably on the net) on this? Any source for password crack tools so we can evaluate our rules against these?
What are your thoughts and recommendations on this?
We fully understand the risk viruses and trojans pose to a system like this, so no need to discuss that here.