Passphrases in Windows ??

  • Thread starter Thread starter Marlon Brown
  • Start date Start date
M

Marlon Brown

In a security workshop today somebody mentioned that a safe passphrase
system is available on Windows (not sure if it is XP, 2003, 2000). That
should provide capabilities for end users use "dictionary" passwords that
would be converted onto complex passwords in the background.

I reasearched that information and I couldn't find anything about Windows
offering that capability. I saw third party tools doing that job though.

Can somebody tell me if Windows offers passphrases features and if so, point
me to that direction.
 
It sounds like you are describing something that takes in one password from the
user and converts it to something else to send to the system. If that is it, I
haven't seen anything like it and would question its validity even if I saw it.
It would have to intercept all types of authentication attempts which means
inserting pretty deeply which would be a huge pain if MS updates something and
it breaks your third party tool.

You can use long passwords though, my password on one of my secure Windows
Servers is actually a passphrase that is about 50 characters long.

joe
 
Thanks. Are you saying you are able to use your password something like:

"Hello-world-I-am-here-since-1997"

and that would be considered a strong password ?
 
Yes you could use that password. It would be considered complex by the default
filter that Windows has if you enabled complexity filters, it may or may not be
considered ok if you add your own complexity filter as I have seen custom
filters that won't let you have the same TYPE of character two times in a row or
any real words (defined as words in a dictionary) in a password.

joe
 
You rule. Thanks.

Joe Richards said:
Yes you could use that password. It would be considered complex by the default
filter that Windows has if you enabled complexity filters, it may or may not be
considered ok if you add your own complexity filter as I have seen custom
filters that won't let you have the same TYPE of character two times in a row or
any real words (defined as words in a dictionary) in a password.

joe
Click to expand...
 
Back
Top