I found a data-set of password(s) on DataScienceCentral: Password and hijacked email dataset for you to test your data science skills – And for fun, I played with the data-set for an hour or so:
1) Password Length vs Frequency
2) Percentage of passwords having at least one special character vs passwords having no special character:
3) Percentage of passwords that have: at-least one number, one alphabet & one special character AND length = 8 or more.
Let’s see a comparison of Passwords of length 8 or more (69.302%) vs Passwords of length 8 or more having combination of alphabets & numbers & special characters (1.485%)
That’s about it for now – it was fun!
And for those interested, here are the few behind the scene technical details:
Tools I used:
1. Excel & 2. SQL Server
Note: I first tried using Google refine to augment data – but it crashed on me. So thought of using SQL Server and TSQL. And if excel 2010 supported 2+ million then I would not have needed SQL server. Anyhow – the tool used is not important here.
2 million passwords in a .txt file.
Information I appended to the data-set using TSQL:
1. Length of password
2. Has Alphabets?
3. Has Numbers?
4. Has special Characters?
Plus few others derived from #2, #3 & #4 like ” has alphabets+ characters + special characters?”
That’s about it for the technical details. Ping me if interested!
I have written about how to disable password expiration for Windows Server 2008 R2 if it is NOT a domain controller. You can Find that post here: http://parasdoshi.com/2012/04/19/how-to-disable-the-password-expiration-policy-in-windows-server-2008-r2-demo-machine/
Now, if you are looking to disable the password for the Windows Server 2008 R2 dev. machine which is also a Domain Controller then follow these steps:
1) If you go to “Local security policy- you’ll see the options but it is not going to allow you to change the setting even if you are logged in as domain administrator.
2. So we need an alternate path to edit the password expiration policy.
Go to Start > Administrative Tools > Group Policy Management
3. Here click on “edit” for the default domain policy for the domain of your choice:
4. Go To Policies > Windows Settings > Security Settings > Account Policies > Password Policy
5. Change the Password Policy!
Note that changing your password policy to disable password expiration is a security vulnerability. It’s applicable for your Demo Machine only. Or your Dev Machine. The reason I am documenting it that I do not want to change the password of Windows Server on which I have my Sharepoint BI dev environment Setup. It’s MY Dev Environment and I am NOT sharing it with other folks PLUS I do not anything sensitive on it, So I can afford disabling the password expiration policy.
That’s about it for this post. Happy Tweaking!
I got this question recently and I thought of converting them into a “cloud 101” blog posts. So here they are:
Q: “Banking – with its high security needs and strict regulations – was always considered to be one of the last industries to accept cloud-computing”. So is cloud computing insecure?”
A: I would say – Cloud is secure. At least companies like Amazon (AWS), Microsoft, Google have advanced security mechanisms in place – In most cases, Cloud is more secure than private data-centers. And some banks do not move to Cloud (or cannot move to cloud) because of other reasons. And most of them fall on the legal side of things. Strict regulations (government regulations) as you mentioned.
And later at one point, we discussed about banks keeping parts of the data/app on-premise and moving other parts to cloud. That’s called hybrid cloud. What they do is that since they cannot move “sensitive” data to cloud because of government regulation and/or business policies – they move things that are permissible by law/business policies to cloud.
And we also discussed about what are the disadvantages of moving to cloud? I realized: Most of the perceived “disadvantages” are actually MYTHS. so at one point I felt the need to clear myths and then talk about other topics. It was fun though!
Cloud Security Alliance