Question
We are currently having accounts compromised at a substantially high rate. Some in the organization believe that our password complexity requirements are enough to thwart brute force attacks.
I wanted to test and demonstrate how certain password complexity requirements can actually reduce the password search space.
Has anyone done this before? What tools should I look into? I specifically would prefer to test it on our Exchange 2010 OWA web page since that is publicly accessible and not rate limited at the moment.
Explanation / Answer
While it is true that password complexity requirements do reduce the possible search space, I'm not sure this is exactly what you're looking for.
Maybe you are referring to the habits of some people to go with more predictable choices (like "Password1") when required to have a mix of lowercase, uppercase, numbers, or symbols. While it is true that implementing password complexity does not prevent use of some weak passwords, it does eliminate the worst of the worst (like "password" and "123456"). But you are right that turning on complexity is not a solution to poor passwords by itself.
If you have evidence that someone is brute forcing passwords over OWA then the logs of the attempts and successes should be enough to show that password complexity is not effective enough. I'm not sure your demonstration of this attack in action would do much more to sway their opinion. And if you are unsuccessful it may actually strengthen their belief that nothing is wrong.
If your goal is to highlight general weaknesses in your fellow employees' password choices then I would suggest password cracking/analysis rather than online brute forcing. It should yield many more weaker passwords in a shorter timeframe which should help highlight any widespread password problems.
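As an added illustration of the answer's first point (this is not code from the original post), the script below uses inclusion-exclusion to count how many passwords of a given length satisfy a "must contain at least N of the four character classes" rule, and therefore what fraction of the full keyspace such a rule removes. The tiny three-class alphabet used for the brute-force cross-check is a constructed input.

```python
from itertools import combinations, product
from string import ascii_lowercase, ascii_uppercase, digits, punctuation

# Character classes as counted by a typical Windows-style complexity policy:
# 95 printable ASCII characters in total, with space counted as a symbol.
PRINTABLE = {"lower": ascii_lowercase, "upper": ascii_uppercase,
             "digit": digits, "symbol": punctuation + " "}

def count_exactly(length, classes, present):
    """Passwords of `length` drawn only from the classes in `present`, where
    every class in `present` occurs at least once (inclusion-exclusion)."""
    present = list(present)
    total = 0
    for k in range(len(present) + 1):
        for missing in combinations(present, k):
            size = sum(len(classes[c]) for c in present if c not in missing)
            total += (-1) ** k * size ** length
    return total

def count_at_least(length, classes, min_classes):
    """Passwords of `length` containing at least `min_classes` distinct classes."""
    names = list(classes)
    return sum(count_exactly(length, classes, subset)
               for k in range(min_classes, len(names) + 1)
               for subset in combinations(names, k))

def brute_force_count(length, classes, min_classes):
    """Cross-check by enumeration; only feasible for tiny constructed alphabets."""
    alphabet = "".join(classes.values())
    hits = 0
    for pw in product(alphabet, repeat=length):
        used = sum(any(ch in chars for ch in pw) for chars in classes.values())
        hits += used >= min_classes
    return hits

def reduction(length, classes, min_classes):
    """Fraction of the full keyspace that the policy excludes from the search."""
    full = sum(len(v) for v in classes.values()) ** length
    return 1 - count_at_least(length, classes, min_classes) / full

if __name__ == "__main__":
    for n in (3, 4):
        print(f"8 chars, at least {n} of 4 classes: "
              f"{reduction(8, PRINTABLE, n):.1%} of the keyspace excluded")
```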