ad44 at cityscape.co.uk
Wed Jan 14 00:55:24 UTC 2009
On Tue 13 Jan 2009 at 17:20:08 -0500, Mark Haney wrote:
> This is not as big a deterrent as you think. A typical 'brute force'
> attack nowadays is usually 6 to seven tries an IP over the course of
> weeks or months. This does two things, it narrows down potential
> usernames (and passwords) and makes it harder to protect against.
> That's why I use fail2ban.
Given a strong password the narrowing down is equivalent to removing one
grain of sand a year from a beach.
> Most users don't change passwords often (or,
> indeed at all) so this type of attack is more successful than you would
> think. Granted using strong passwords helps but no matter how strong it
> is, if you don't change it regularly, it'll get hacked.
Strong passwords are no less strong for not being changed.
More information about the ubuntu-users