Path: utzoo!utgpu!watmath!watdragon!watsol!tbray
From: tbray@watsol.waterloo.edu (Tim Bray)
Newsgroups: comp.unix.wizards
Subject: Quibble with article on: How to stop future viruses.
Summary: Most passwords probably stolen over shoulder not over network
Message-ID: <9902@watdragon.waterloo.edu>
Date: 22 Nov 88 23:30:51 GMT
References: <17575@adm.BRL.MIL> <31@microsoft.UUCP>
Sender: daemon@watdragon.waterloo.edu
Reply-To: tbray@watsol.waterloo.edu (Tim Bray)
Organization: U. of Waterloo, Ontario
Lines: 14

In article <31@microsoft.UUCP> w-colinp@microsoft.UUCP (Colin Plumb) writes:
> If you add mixed case and whatnot, you have more possible passwords than
> any brute-force attempt can hope to attack. A more selective search must
> come up with a list of "probable" passwords. If you make passwords fit
> some strange pattern that bears no resemblance to anything else...

In any reasonably large organization, I feel much more nervous about people
stealing my password by looking over my shoulder rather than people crawling
through my network. Having once been sysadmin and having to type the root
password in an environment with tons of occasionally bored engineers hanging
around made me *real* nervous.

So: pick a password that's >6 chars and *you can type it fast*. For a
touch-typist, this means alternating left and right hand strokes. Obviously
it shouldn't be in /usr/dict/words, but there's lots of words like that...

Tim Bray, New OED Project, U of Waterloo, Ontario