Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: Notesfiles; site uicsl.UUCP
Path: utzoo!linus!vaxine!wjh12!genrad!decvax!harpo!ihnp4!inuxc!pur-ee!uiucdcs!uicsl!wombat
From: wombat@uicsl.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Obvious password detector / eliminat - (nf)
Message-ID: <12500023@uicsl.UUCP>
Date: Mon, 23-Apr-84 14:16:00 EST
Article-I.D.: uicsl.12500023
Posted: Mon Apr 23 14:16:00 1984
Date-Received: Wed, 25-Apr-84 04:30:55 EST
References: <199@wdl1.UUCP>
Lines: 16
Nf-ID: #R:wdl1:-19900:uicsl:12500023:000:796
Nf-From: uicsl!wombat    Apr 23 13:16:00 1984

#R:wdl1:-19900:uicsl:12500023:000:796
uicsl!wombat    Apr 23 13:16:00 1984

So encourage users to pick passwords that look like arbitrary strings,
but can be easily remembered as a sentence. E.g., a password is actually
"imimtlmom," but the user can remember it by taking the first letter
from each word of "It's May, it's May, the lusty month of May."
This produces a password unlikely to exist unencrypted anywhere on
the system, but since it can be re-created easily, the user need
not keep it written down. And I'm sure there must be quite a few other
schemes this easy. (Like, pick alien names from obscure 50's science
fiction stories, or use an uncommon foreign language, like Basque.)
I think this password-checking is a good idea for systems worried
about security, at least until a real, live secure UNIX comes out.
						Wombat
						ihnp4!uiucdcs!uicsl!wombat