[TriLUG] Securely and Accurately transmit passwords
Chris Knowles
chrisk at trilug.org
Tue Oct 2 08:27:16 EDT 2007
This is a very good point.
I *almost* wouldn't blame them if the passwords were of the form
"s2Adf3#5^@"
However, as directed by on high, I'm not allowed to set the passwords
that evilly.
Instead I use a diceware (http://www.diceware.com/) type scheme to
generate the passwords.
Two words, with a symbol or space between them.
Thus, a typical password is "solemn+stony" (Just rolled that one up)
While a little longer than the 6 char we require, it's much easier to
remember than a completely random password, and has a good level of
entropy.
Well, much better than the name of their dog with a single digit after
it.
As an aside, diceware is a really nice way to generate longer
passphrases that you can actually remember.
CJK
On Tue, 2007-10-02 at 15:02 +1000, Jeremy Portzer wrote:
> Chris Knowles wrote:
>
> > Recently we've started seeing that they've taken these cards, taped them
> > into their laptops in plain sight. (And occasionally annotated them
> > with much too much information as to what that password would buy you.)
> >
> > Since the passwords are complex, phone conversations tend to lead to a
> > lot of phonetic spelling and shouting.
>
> Maybe the problem is the passwords are TOO complex requiring all but the
> most anal sysadmin to refer to a written reference? Maybe you could
> consider simplifying them a bit so people can more easily remember them?
> E.g. something like "2 of the 3: digit, capital letter, or symbol."
> Something like "Must contain at least 2 of each: digit, capital
> letters, and symbols" is much harder to deal with.
>
> Also, do users pick their passwords or do you pick them arbitrarily?
>
> There are a lot of 'social' aspects to password complexity schemes that
> are interesting to study. I don't know the state-of-the-art here.
>
> --Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20071002/e40b5179/attachment.pgp>
More information about the TriLUG
mailing list