Security Basics mailing list archives

Re: Password creating Theories


From: Chris Umphress <umphress () gmail com>
Date: Tue, 15 Nov 2005 13:49:14 -0800

On 11/15/05, Glenn English <ghe () slsware com> wrote:
> On Fri, 2005-11-11 at 16:27 -0500, Jennifer Fountain wrote:
>> I am currently coming up with a new policy to create root/admin
>> passwords for windows and linux boxes and would like to know your
>> thoughts on the methods you use to create them.  Thanks for any input!
>
> I ask the person whose password is being created to tell me the second
> line of a favorite song, then use the first letters of the line, using
> numerals where possible and including any punctuation. It's easy for
> that person to remember, harder for someone else, and not subject to
> dictionary attacks.

I also favor old mailing addresses, phone numbers, or initials from
other easy-to-remember information for the user. Combine it, '13371fy'
it, and you have a half-way decent password.

Of course, this makes for a hard-to-implement policy, but it works
great for security.

--
Chris Umphress <http://daga.dyndns.org/>

