Path: utzoo!mnetor!uunet!husc6!ukma!psuvm.bitnet!cunyvm!unknown
From: rrk@byuvax.bitnet
Newsgroups: comp.os.vms
Subject: Re: security holes
Message-ID: <48rrk@byuvax.bitnet>
Date: 31 Dec 87 04:15:58 GMT
Lines: 14

Any simple subsitution of "^A" for "A" in a password is easily guessed.
You can use non-alphabetic characters such as "$" or "_", and probably
others, but this is "light years" behind generated passwords.  I use generated
passwords (ten digit) all the time.  I've never had trouble periodically
memorizing a new password generated by VMS.  And it sure helps prevent many
security problems with user-generated passwords.  I'll bet I could watch
over your shoulder while you type "Indiana" and even see how many times
your finger brushes the control key and try a few variations and be in.
But I have yet to have anyone--even several who have tried--glance and pick
up my generated password as I've typed it in.  It may be a little harder
for me to remember, but it'll be a lot harder for someone who sees it for
the first time and never sees it all echoed together.

Just so you won't be dissappointed:  UNIX Security?  BOO HISS!