Brad Myers - Get Your Geek On

I was parusing some old email today and somehow ended up at a webpage written by Jesper Johansson. Jesper is a Senior Security guy at MS that I've seen speak a few times at various conferences in the past. He's probably best known as the Microsoft guy that told everyone "Write down your passwords!"... which isn't a bad idea! Anyway, back to the point of this blog. The page that Jesper has written dealt with how LM and NT hashes are created and stored in AD and SAMs. I use a 17 character password, which every time I type it in front of someone, is met with a confused and strange look combined with some comment like "Gee..think your password is long enough". To which I respond "Gee..think we could stop storing LM hashes on our servers?". Anyway, there's lots of articles out there on why you should use long passwords on Windows servers, like this one from Mark Minasi. And here's the very good article by Jesper on Windows and Passwords.