News, views, tips and tricks on Oracle and other fun stuff

Oracle DB 11g Password Expiry Gotcha

Jeff Hunter:

Something I discovered recently is that the DEFAULT profile for Oracle 11g sets the PASSWORD_LIFE_TIME to 180 instead of UNLIMITED by default. Applications will encounter an “ORA-28002: the password will expire within X days” error message if you keep the default value.

To change the PASSWORD_LIFE_TIME, you:
ALTER PROFILE default LIMIT password_life_time UNLIMITED;

Read more about 11g new security related features here.

1 Comment | Filed in Links, Oracle, Tips
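
An added example, not from the original post or from Jeff Hunter: one way to check the setting and then scope the unlimited lifetime to application accounts only, leaving DEFAULT in place for everyone else. The profile name APP_SVC_NOEXPIRE and the account APP_USER are hypothetical.

```sql
-- Added example; APP_SVC_NOEXPIRE and APP_USER are hypothetical names.
-- Run as a user with access to the DBA_* views and the CREATE PROFILE
-- and ALTER USER privileges.

-- 1. Which profiles carry a password lifetime, and what is the limit?
SELECT profile, limit
FROM   dba_profiles
WHERE  resource_name = 'PASSWORD_LIFE_TIME'
ORDER  BY profile;

-- 2. Which accounts have an expiry date, and which are already in the
--    grace period (the state in which logins raise ORA-28002)?
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  account_status IN ('OPEN', 'EXPIRED(GRACE)')
AND    expiry_date IS NOT NULL
ORDER  BY expiry_date;

-- 3. Create a dedicated profile for application accounts. Limits not
--    listed here take the value DEFAULT, so they keep following the
--    DEFAULT profile (failed-login lockout and so on stay in force).
CREATE PROFILE app_svc_noexpire LIMIT
  password_life_time UNLIMITED;

-- 4. Move only the application account onto that profile.
ALTER USER app_user PROFILE app_svc_noexpire;

-- 5. Verify which lifetime now applies to the account.
SELECT u.username, u.profile, u.account_status, p.limit AS password_life_time
FROM   dba_users u
JOIN   dba_profiles p
  ON   p.profile = u.profile
 AND   p.resource_name = 'PASSWORD_LIFE_TIME'
WHERE  u.username = 'APP_USER';

-- An account that was already EXPIRED(GRACE) before step 4 keeps that
-- status until its password is changed.
```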


Top ten tips for better password management


There is an article on Silicon.com about how companies can manage their passwords. The author offers the following tips for fostering a culture of secure and more effective password management:

  1. Passwords must not be written down.
  2. Passwords must be set. When the password is “ChangeMe”, then change it.
  3. Require as few passwords as possible. Balance how much password protection you need with how many passwords can reasonably be managed.
  4. Staff must change their passwords regularly. This limits the likelihood of old passwords, shared between colleagues in less-secure times, coming back to haunt you.
  5. Make new passwords new. Old password = “Rowanda1”. New password = “Rowanda2”. Not good.
  6. Avoid obvious words. Passwords must be more complex than a single word which can be hacked with a dictionary attack.
  7. Think long – but not too long. A password which consists of at least eight characters with a mix of upper case, lower case and numbers is a good start.
  8. Automate password changes. The process of making staff reset and choose secure passwords must also be automated.
  9. Educate staff. Ensure password policy is written into employment contracts and that all staff understand why and what that entails.
  10. Look at long-term solutions which will eventually replace passwords – such as biometrics.

I believe that most of the above applies to individuals as well. In fact, tip number 10 is already a reality for the average consumer like you and me. Search Google for “biometric password manager” to see what I mean.

Personally, I have tens of passwords I need to keep track of. Since I avoid writing passwords down and it is impossible for me to remember them all, I rely primarily on my password manager software and sometimes on my memory when I am faced with “Please enter your user name and password”. Maybe I should try this new APC Biometric Password Manager, or something similar.

8 Comments | Filed in Security, Technology


Password Overload

I have a password overload. Everywhere I go on the Net, I have to log in. That means I have to memorize dozens of user name and password combinations.

I could just use the same user name and password on all sites, but this is not only insecure but also most of the time not possible because different sites have different requirements for user name and password size and complexity.

Just to give you a taste of what I deal with on a routine basis and what requires me to provide my user name and password: Continue reading…

11 Comments | Filed in Personal, Technology


A Snow Storm and Stuff

Thanksgiving holiday is over and another work week is ahead. Last Friday we drove up to Mount Hood (east of Portland, Oregon). We barely made it back down; a snow storm hit the mountain while we were there. My wife took the following picture from inside the car while I was driving on a completely snow-covered road:

IMG_0554

We made it home safe and sound. Down in Portland it was raining cats and dogs.

Also during the holiday I took note of the following links:

  • Agatra is a free service that securely stores your passwords online so that they’re accessible from anywhere you have an internet connection. Are you kidding me?

  • Electric Sheep is a free, open source screen saver run by thousands of people all over the world. A complete waste of time.

  • This page lists over 500 colours by colour name, Hex value, RGB value and Microsoft Access code number. Useful when dealing with colors in HTML.

  • AjaxPatterns.org is an in-progress collection of Ajax patterns. Has the potential of being a good source of Ajax related programming techniques.

  • How To Write Unmaintainable (Java) Code. If you follow all these rules religiously, you will guarantee yourself a lifetime of employment. I am not sure I want to guarantee myself a lifetime of employment by writing unmaintainable code!

  • 3D Walker is a page that uses the new canvas tag. This new tag is supported by Mozilla, Safari and Opera to draw bitmaps via JavaScript. Cool.

Comments Off | Filed in Interesting, Personal


Oracle Responds to the Password Hashing Algorithm Paper

In response to the recent publication by Joshua Wright and Carlos Cid, entitled “An Assessment of the Oracle Password Hashing Algorithm”, Oracle has just sent out the following e-mail to its customers (I got it a few minutes ago): Continue reading…

Comments Off | Filed in Oracle


KeePass Password Safe

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage’s ftp password, online passwords (like CodeProject member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable. Continue reading…

Comments Off | Filed in Interesting


Password Protection

Use this script to protect online files. Users cannot cancel out of it. It can also be used with your browser’s home page to control Internet access on your own computer.

Comments Off | Filed in Interesting, Technology