The UserPassword does not use administrative level privilege. Defects in an application configuration will not prey upon the administrative level privilege by misconduct events. The UserPassword is not stored in an easily copied way. The UserPassword encryption method is not reversible; ABC ROT1 = BCD; BCD un-ROT1 = ABC The UserPassword choice cannot be successively guessed in less than 2 hours work. Note: a Pentium 4 can easily achieve 1,000,000 guesses per second; 2 hours work is 7,200,000,000 guesses. Most language dictionaries are less than 100,000 words. The UserPassword can be changed by an authorized authority without crashing the application. Thus, the password updates will not be avoided by systems administrators for years because of service crashing fears. Mis-entry of the UserPassword will not create a permanent lockout condition. Short duration lockouts are often sufficient to prevent brute force attacks. Long duration lockouts enable denial control attacks that lock up all accounts. -- DonTurnblade MS, CISM, CISSP, MCSE arctific@cox.net ---- CategorySecurity