Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!haven.umd.edu!uvaarpa!murdoch!astsun9.astro.Virginia.EDU!gl8f
From: gl8f@astsun9.astro.Virginia.EDU (Greg Lindahl)
Newsgroups: comp.org.eff.talk
Subject: Re: Allow students to run password guessers?
Message-ID: <1991Jun24.190328.19576@murdoch.acc.Virginia.EDU>
Date: 24 Jun 91 19:03:28 GMT
References: <1991Jun24.041435.5423@athena.cs.uga.edu> <44260@fmsrl7.UUCP>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
Lines: 14

In article <44260@fmsrl7.UUCP> wreck@fmsrl7.UUCP (Ron Carter) writes:

>Why don't you just run COPS yourself every so often, and have it
>send mail to the users whose passwords are easily broken?  You
>won't have to worry about crackers using dictionary searches on
>your system ever again.

I should note in passing that if you have a small enough set of users,
it's probably better to contact them personally and give them a
lecture on how to pick a good password. Novice users are often
confused by email, and a cracker will get a laugh out of such a
notice, but a phone call is hard to ignore and will often tell you
whether or not the account has been broken into. "Gee, I haven't
logged in in the past week..."