Xref: utzoo alt.security:743 comp.protocols.tcp-ip:11534 alt.sys.sun:943
Path: utzoo!utgpu!watserv1!watmath!att!occrsh!uokmax!apple!usc!cs.utexas.edu!rutgers!rochester!ken
From: ken@cs.rochester.edu (Ken Yap)
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <1990Jun3.175614.6322@cs.rochester.edu>
Date: 3 Jun 90 17:56:14 GMT
References: <1990Apr20.192233.4092@utzoo.uucp> <6721@blake.acs.washington.edu> <1990Jun3.152118.4758@cunixf.cc.columbia.edu>
Reply-To: ken@cs.rochester.edu
Organization: University of Rochester Computer Science Dept
Lines: 19
Address: Rochester, NY 14627, (716) 275-1448

In article <1990Jun3.152118.4758@cunixf.cc.columbia.edu>:
|In article zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff) writes:
|>All this emphasis on turning off tftp and waiting for shadow password
|>files may be clouding the simpler and more effective solution. Force
|>users to pick good passwords! Something with some non-alpha
|>characters and mixed case (not the first letter capital).
|
|This suggestion has been mentioned many times on the net, but it also has
|a problem. If passwords are non-mnemonic, unpronounceable and non-suggestive
|(as all "good" passwords are), then they are easy for users to forget; not

I once read a good suggestion for choosing a mnemonic, yet hard to guess
password: take a catchy phrase and turn it into an acronym, capitalizing
and inserting punctuation as necessary. For example "Hey man, don't have
a cow" becomes Hm,dhac.

I can't take credit (or blame :-)) for this, I wish I remembered the
poster who suggested this. If you are out there, take a bow.

Don't blame me if everybody chooses a Simpsons phrase... :-)
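
Added example, not part of Ken Yap's post: a sketch of the phrase-to-acronym rule described above, plus a password-policy check for the caveat in the last line, rejecting candidates whose acronym comes from a widely known phrase. The function names and the short phrase list are hypothetical and constructed for illustration.

```python
import string

# Constructed sample list of widely quoted phrases (assumption); a real
# policy check would load a much larger corpus of quotes, lyrics and slogans.
COMMON_PHRASES = [
    "Hey man, don't have a cow",
    "May the Force be with you",
    "To be, or not to be, that is the question",
]

def phrase_to_acronym(phrase):
    """First character of each word, keeping its case and any punctuation
    that trails the word, so "man," contributes "m,"."""
    out = []
    for word in phrase.split():
        body = word.lstrip(string.punctuation)   # drop opening quotes/brackets
        core = body.rstrip(string.punctuation)   # word without trailing marks
        if not core:
            continue                             # token was punctuation only
        out.append(core[0] + body[len(core):])   # initial + trailing marks
    return "".join(out)

def _normalize(text):
    """Fold case and drop non-alphanumerics so cosmetic variants
    (different capitalization or punctuation) compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def derived_from_common_phrase(password, phrases=COMMON_PHRASES):
    """Return the known phrase whose acronym matches the password after
    normalization, or None if no listed phrase produces it."""
    target = _normalize(password)
    for phrase in phrases:
        if _normalize(phrase_to_acronym(phrase)) == target:
            return phrase
    return None

if __name__ == "__main__":
    print(phrase_to_acronym("Hey man, don't have a cow"))
    print(derived_from_common_phrase("hM.dhac!"))
```

Comparing on the normalized form means that changing only the capitalization or punctuation of a well-known phrase's acronym does not get past the check.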