Incorrect Login Attempts Software

  • Thread starter: Ally

Ally

Does anyone know any software out there that will record all incorrect login
attempts?

My business doesn't have the resources available to properly manage the
account lock out policy so I need to know if there are suspicious multiple
incorrect login attempts?
Thanks
 
Just use good passwords (I like length better than complexity) and do away
with account lockout policies completely. You're right, lockout is expensive
to manage. Plus, it creates a situation where an attacker can conduct
purposeful bogus logons to lock you out of your own accounts. Wonderful form
of a denial of service attack!

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Ally" wrote in message
news:363F4528-3B85-4922-858E-7D03D6537781@microsoft.com...
> Does anyone know any software out there that will record all incorrect
> login attempts?
>
> My business doesn't have the resources available to properly manage the
> account lock out policy so I need to know if there are suspicious multiple
> incorrect login attempts?
> Thanks
 
Issue here is that there is a 'watershed point' at which passwords become
non-memorable. People then start writing passwords on post-its attached to
displays. At this point the security of the system plummets.

This is particularly true with 'complexity requirements' which require
numbers, capitals and punctuation, since these prevent the use of a memorable
passphrase.

"Steve Riley [MSFT]" wrote:

> Just use good passwords (I like length better than complexity) and do away
> with account lockout policies completely.
 
And if the post-it isn't attached to the monitor? Or maybe not a post-it
note used, but a more secure medium?

And don't discount a distinct possibility of creating very complex but quite
memorable passphrases. I'll give you an example:

"Dczrjve ujhjle Cdjq yhfd s ghfdf,"

Along those lines.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Anteaus" wrote in message
news:756EAFC8-EE43-4B9F-A1EE-2ACE5643656F@microsoft.com...
> Issue here is that there is a 'watershed point' at which passwords become
> non-memorable. People then start writing passwords on post-its attached to
> displays. At this point the security of the system plummets.
>
> This is particularly true with 'complexity requirements' which require
> numbers, capitals and punctuation, since these prevent the use of a
> memorable passphrase.
>
> "Steve Riley [MSFT]" wrote:
>
>> Just use good passwords (I like length better than complexity) and do
>> away with account lockout policies completely.
 
Check out my article at
http://blogs.technet.com/steriley/archive/...once-again.aspx.
Complex passwords are actually more difficult to remember and more likely to
be cracked (because they're short) than simple sentences.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Anteaus" wrote in message
news:756EAFC8-EE43-4B9F-A1EE-2ACE5643656F@microsoft.com...
> Issue here is that there is a 'watershed point' at which passwords become
> non-memorable. People then start writing passwords on post-its attached to
> displays. At this point the security of the system plummets.
>
> This is particularly true with 'complexity requirements' which require
> numbers, capitals and punctuation, since these prevent the use of a
> memorable passphrase.
>
> "Steve Riley [MSFT]" wrote:
>
>> Just use good passwords (I like length better than complexity) and do
>> away with account lockout policies completely.
 
Long passphrases don't have to be difficult to remember even with the
complexity requirements.

"My 2 dogs are cute!" is 19(?) characters long, mixed case, with numbers
and symbols. You might not even need the exclamation point due to the
spaces.

If the user really can't remember the passphrase then a reminder such as
"What are the dogs?" could be written on a Post-It and not overtly give
away what the passphrase is.

"Star Trek 4 was the BEST one"
"3 More Years - Retire"
"Me+Her=2Smiles"

Lots of easy passphrases that can meet the requirements and that nobody
is going to easily guess or brute force.

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com



"Anteaus" wrote in message
news:756EAFC8-EE43-4B9F-A1EE-2ACE5643656F@microsoft.com:

> Issue here is that there is a 'watershed point' at which passwords become
> non-memorable. People then start writing passwords on post-its attached to
> displays. At this point the security of the system plummets.
>
> This is particularly true with 'complexity requirements' which require
> numbers, capitals and punctuation, since these prevent the use of a memorable
> passphrase.
>
> "Steve Riley [MSFT]" wrote:
>
>
> > Just use good passwords (I like length better than complexity) and do away
> > with account lockout policies completely.
 
Event Viewer | Security probably. Though it depends a little upon what
they're trying to login to. That won't record incorrect login attempts
to Google Mail or anything like that - just to the local machine/domain.

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com



"Ally" wrote in message
news:363F4528-3B85-4922-858E-7D03D6537781@microsoft.com:

> Does anyone know any software out there that will record all incorrect login
> attempts?
>
> My business doesn't have the resources available to properly manage the
> account lock out policy so I need to know if there are suspicious multiple
> incorrect login attempts?
> Thanks
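
The "Event Viewer | Security" suggestion above, worked through as an added example (not written by anyone in the thread): it reads failed-logon records from the Security log and reports accounts with a burst of failures. It assumes Windows Vista / Server 2008 or later, where a failed logon is event 4625, and that failure auditing of logon events is enabled; the function names, threshold, window and sample records are illustrative.

```powershell
# Added example, not from the thread. Names, thresholds and sample data are illustrative.

# Flatten one Security-log record (event 4625) into the fields needed for counting.
function ConvertFrom-FailedLogonRecord {
    param([Parameter(Mandatory, ValueFromPipeline)] $LogRecord)
    process {
        $data = @{}
        foreach ($d in ([xml]$LogRecord.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $LogRecord.TimeCreated
            Account     = $data['TargetUserName']
            Source      = $data['IpAddress']
        }
    }
}

# Report accounts with at least $Threshold failures inside any $WindowMinutes span.
function Find-FailedLogonBurst {
    param([object[]] $Records = @(), [int] $Threshold = 5, [int] $WindowMinutes = 10)
    foreach ($group in ($Records | Group-Object Account)) {
        $times = @($group.Group | Sort-Object TimeCreated | ForEach-Object { $_.TimeCreated })
        $start = 0; $best = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            # Shrink the window from the left until it spans no more than $WindowMinutes.
            while (($times[$end] - $times[$start]).TotalMinutes -gt $WindowMinutes) { $start++ }
            $best = [math]::Max($best, $end - $start + 1)
        }
        if ($best -ge $Threshold) {
            [pscustomobject]@{
                Account             = $group.Name
                MaxFailuresInWindow = $best
                Sources             = ($group.Group.Source | Sort-Object -Unique) -join ', '
            }
        }
    }
}

# Constructed sample records (not real log data) so the counting logic runs offline:
# six failures for 'jsmith' in under three minutes, one isolated failure for 'ally'.
$t0 = Get-Date '2024-01-01T09:00:00'
$sample = @(0..5 | ForEach-Object {
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(30 * $_); Account = 'jsmith'; Source = '192.0.2.10' }
})
$sample += [pscustomobject]@{ TimeCreated = $t0.AddHours(2); Account = 'ally'; Source = '192.0.2.20' }
Find-FailedLogonBurst -Records $sample

# Live use from an elevated prompt:
# $records = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625;
#     StartTime = (Get-Date).AddDays(-1) } | ConvertFrom-FailedLogonRecord)
# Find-FailedLogonBurst -Records $records
```

As noted in the post, this only covers logons to the local machine or domain; on a domain, run it against the domain controllers' Security logs as well.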
 