Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ncar!ames!pasteur!ucbvax!bostic
From: bostic@ucbvax.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <27283@ucbvax.BERKELEY.EDU>
Date: 30 Dec 88 18:18:29 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <4523@xenna.Encore.COM>
Organization: University of California at Berkeley
Lines: 18

In article <4523@xenna.Encore.COM>, bzs@Encore.COM (Barry Shein) writes:
> 5. Finally, will educate users about how to choose a good
> password (maybe we can group-write a document about just
> that, that would be a useful outcome of this conversation.)
>
> This is trivial and can be enforced relatively easily without changing
> all sorts of system software, only one program needs to be modified.

I find educating users to be a lot more than "trivial". And no matter
how stringent your attempt to make the criteria, users will find a way
to get a stupid password into the machine.

I like some form of shadow passwords as a solution. Once they're in
place, you no longer care what the user picks for a password, as long
as it's N characters long and not the account name.

Keith Bostic