Password expiration is dead, long live your password!

Good old Microsoft - somebody has finally seen the light. I have thought this for a very long time.


I still think passwords have a place in IT, but with two-factor authentication such as www.duo.com this obsession with changing passwords and having users write them down or store them in the likes of KeePass needs to end; just let the user remember a decent password and go with what Microsoft are saying.

"Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem.
…If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven’t implemented modern mitigations, how much protection will they really gain from password expiration? …Periodic password expiration is an ancient and obsolete mitigation of very low value."

Login to Oracle when max sessions exceeded

Quick tip - thanks to Russell Willcox for this one :)

See also:

http://www.dba-oracle.com/t_connecting_hung_instance_using_prelim_option.htm

Login when max sessions exceeded (and you can’t log in using standard methods)

This is the backdoor entry method for accessing the database when it is hung and no other method lets you create a new session.

It does not create a session in the database; it connects to the SGA directly.


cmd> sqlplus -prelim "/ as sysdba"  (or… sqlplus -prelim sys/password as sysdba)

note: just try typing sqlplus -prelim / as sysdba (don’t cut and paste - it doesn’t work)

sql> shutdown abort

sql> startup restrict

sql> exit

cmd> sqlplus / as sysdba

sql> alter system set sessions=600 scope=spfile;

sql> alter system set processes=600 scope=spfile;

sql> alter system set parallel_max_servers=0 scope=both; (IF NECESSARY... i.e. parallel processes swamping database)

sql> alter database mount;

sql> alter database open;

sql> create pfile from spfile;

sql> alter system disable restricted session;
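
Once normal logins work again, the queries below show how close the instance is to the limits raised above and which clients hold the sessions. This is an added example, not part of the original tip; it assumes a normal DBA session with access to v$resource_limit and v$session.

```sql
-- Added example: utilisation of the limits touched in the steps above.
-- LIMIT_VALUE is a padded string and may read UNLIMITED, hence TRIM and CASE.
SELECT resource_name,
       current_utilization,
       max_utilization,
       TRIM(limit_value) AS limit_value,
       CASE
         WHEN TRIM(limit_value) = 'UNLIMITED' THEN NULL
         ELSE ROUND(100 * current_utilization
                    / NULLIF(TO_NUMBER(TRIM(limit_value)), 0), 1)
       END AS pct_used
  FROM v$resource_limit
 WHERE resource_name IN ('sessions', 'processes', 'parallel_max_servers')
 ORDER BY resource_name;

-- Which accounts, client programs and hosts hold the user sessions.
-- A single program/machine pair with a very high count is the usual
-- sign of a connection leak or a runaway job filling the session table.
SELECT username, program, machine, status, COUNT(*) AS session_count
  FROM v$session
 WHERE type = 'USER'
 GROUP BY username, program, machine, status
 ORDER BY session_count DESC;
```

MAX_UTILIZATION is the high-water mark since instance startup, so after the restart above it only reflects load seen since then.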