Great Circle Associates Firewalls
(April 1996)
 


Subject: Firewalls-Digest V5 #196 -Reply
From: DARRYL PANG <DPANG @ QUEENS . ORG>
Date: Mon, 01 Apr 1996 16:09:00 -1000
To: Firewalls @ GreatCircle . COM

FYI.  Suggestions for users that always forget their
passwords.  This is an unauthorized excerpt from one of the
digests I receive.  I've highlighted the two most important
suggestions from this post.
------------------------------

From: Warren Moore <warren . moore @ cbis . com>
Date: 28 Mar 96  8:02:31
Subject: Re: Password Generation

While it's somewhat off-topic, several folks have written
lately concerning pronounceable passwords and the
generation thereof.  Allow me to add to the confusion.  We
all know that:  1) Reusable passwords aren't safe, 2)
Passwords need to be safe, 3) Passwords need to be hard
to crack, 4) Passwords need to be easy to remember, 5)
and a whole lot of other binary sets that are mutually
exclusive.  Those of us old enough to remember coding in
machine language also remember that computer
passwords weren't originally for security purposes at all, but
were accounting/billing codes.

However, we're stuck with them.  The powers that be in our
various companies/organizations either aren't enlightened
enough to spend $35-65 each for tokens for several
thousand users :-), or to mandate that everyone use Skey,
or don't want to rock the boat, or whatever.  The scheme that
I've pushed for years creates passwords that are first of all
easy for the user to remember *which is by far the most
important thing from the user's viewpoint,* extremely difficult
for a cracker to guess, and immune to dictionary attacks.  It's
based on pass-phrases, but helps with the keying difficulty.

Simply think up a phrase that you can remember,
preferably including a date:  "I drive a 1954 Corvette in
parades."  (Boy, I wish!)  "My houseboat is a 1966 Coronet."
(Sold it.)  "I was born in May of 1943."  (Yes, I am one of
Marcus' "greybeards".)  Use the first letter of each
word and part of the date to derive the password:
ida54cip.  mhia66c.  iwbimo43.  Mix lower-case or
upper-case as you wish, or even follow conventional rules
of capitalization in your own grammar and treat it as a
sentence:  Ida54Cip.  Mhia66C.  IwbiMo43.  If you can't think
of a sentence on your own, use a song:  "Just sit right back
and you'll hear a tale, a tale of a fateful trip.  That started
from this tropic port, aboard this tiny ship."  ("Gilligan's Isle"
theme song for the culturally depraved.)  "Jsrbayhat,"
"atoaft," "Tsfttp," "atts."  Works for me.

---
Warren S. Moore, CISSP
<warren . moore @ cbis . com>
Information Security Specialist
Cincinnati Bell Information Systems Inc.

------------------------------



          Mahalo, DPP.     \m/ ^_^ \m/

The packet goes out the card, into the copper, out the router,
onto the fiber, across the world, thru the copper............
NOTHING BUT NET.
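
The derivation rule from the forwarded post (first letter of each word plus part of the date), as an added example that is not part of the original message. The function names, the choice to keep the last two digits of a four-digit year, and the splitting of a song at commas and periods are assumptions inferred from the post's own sample passwords.

```python
import re


def derive_password(phrase, preserve_case=True):
    """Build a mnemonic password from a phrase, per the scheme in the post.

    Assumptions (not stated in the post, inferred from its samples):
    - a four-digit number is treated as a year and contributes its last
      two digits; any other all-digit token is kept whole
    - punctuation around a word is ignored
    """
    pieces = []
    for token in phrase.split():
        word = re.sub(r"^\W+|\W+$", "", token)  # trim quotes, periods, commas
        if not word:
            continue
        if word.isdigit():
            pieces.append(word[-2:] if len(word) == 4 else word)
        else:
            pieces.append(word[0])
    result = "".join(pieces)
    return result if preserve_case else result.lower()


def derive_per_clause(text, preserve_case=True):
    """Derive one password per clause, as in the post's song example.

    Splitting at commas and periods is an assumption that reproduces the
    four passwords the post lists for the song.
    """
    clauses = re.split(r"[,.]", text)
    return [derive_password(c, preserve_case) for c in clauses if c.strip()]


if __name__ == "__main__":
    # Sample phrases quoted from the post itself.
    for phrase in ("I drive a 1954 Corvette in parades.",
                   "My houseboat is a 1966 Coronet.",
                   "I was born in May of 1943."):
        print(derive_password(phrase), derive_password(phrase, False))
    song = ("Just sit right back and you'll hear a tale, a tale of a "
            "fateful trip.  That started from this tropic port, aboard "
            "this tiny ship.")
    print(derive_per_clause(song))
```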




