Skip to Content.
Sympa Menu

assurance - RE: [Assurance] Failed Authentication Counter Strawman

Subject: Assurance

List archive

RE: [Assurance] Failed Authentication Counter Strawman


Chronological Thread 
  • From: "Michael W. Brogan" <>
  • To: "" <>
  • Subject: RE: [Assurance] Failed Authentication Counter Strawman
  • Date: Mon, 3 Jun 2013 21:25:28 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport04.merit.edu; dkim=neutral (message not signed) header.i=none
Benn,

Several months ago we at the University of Washington went through an
exercise to see how we might implement failed login tracking with our
systems. What we came up with was nearly identical to what you described and
diagrammed. We haven't implemented anything yet, but it's safe to say we are
considering a similar approach.

We were especially interested in using failed login counts and max guesses
per entropy level as the driver for password changes rather than
pre-determined password ages. I'm curious if anyone else has implemented
something like that on their campus yet.

--Michael

-----Original Message-----
From:


[mailto:]
On Behalf Of Benn Oshrin
Sent: Friday, May 31, 2013 2:52 PM
To:

Subject: [Assurance] Failed Authentication Counter Strawman

As mentioned on a couple of previous calls, I've been interested in a
solution for counting failed authentication attempts. I've drafted a
strawman, available for review at

https://spaces.internet2.edu/x/kAtOAg

I'd be interested in comments and feedback, and assuming no fatal flaw, I'd
also be interested if anyone else is considering a similar approach.

Thanks,

-Benn-

Archive powered by MHonArc 2.6.16.

Top of Page