Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!tut.cis.ohio-state.edu!osu-cis!killer!letni!sneaky!gordon
From: gordon@sneaky.TANDY.COM (Gordon Burditt)
Newsgroups: comp.unix.questions
Subject: Re: Need help with password aging
Message-ID: <8656@sneaky.TANDY.COM>
Date: 19 Mar 89 22:19:15 GMT
References: <179@camdev.UUCP> <9059@alice.UUCP> <1071@vsi.COM>
Reply-To: gordon@sneaky.UUCP (Gordon Burditt)
Distribution: na
Organization: Gordon Burditt
Lines: 39

Password aging doesn't have to be quite so detrimental to password security as "SURPRISE! You have to pick a new password RIGHT NOW!". The solution to this problem is to provide a "checkpwage" program, which you encourage users to put in their .profile or .login files. (And new users should get a skeleton file that includes that.) The user should be able to specify how much advance warning of password expiration is wanted. The program would run silently unless the password was about to expire, then issue a warning like "Your password will expire at the end of Friday, April 3. Please change your password soon." Also, another option on "checkpwage" should let the user find out when the password expires at any time. (In systems not using shadow password files, this information is available anyway, but in a difficult-to-use form. "checkpwage" probably shouldn't make it convenient to find out when someone else's password is due to expire.)

This will not completely eliminate the SURPRISE! problem. Since Sys V password aging is based on weeks, most users would want a 1-week warning, so if they don't log in for a week, they could get surprised. Users going on vacation could check before leaving, if they happen to think of it.

This scheme will probably encourage users to switch between two carefully-thought-out passwords instead of switching between two hastily-made-up passwords. If you want to fix that, keep records of a few old passwords *IN ENCRYPTED FORM*, and don't allow re-use.
I don't agree with a previous poster who claims that this is a cure worse than the disease. Encrypted passwords that don't work anyway aren't that much of a risk, and there is no reason to make them widely readable. This will encourage the user to switch between several passwords, probably the same password with a variable field for the month that changes each time. This might be slightly more secure than switching between two passwords. A few security-conscious users, hopefully including the administrator, might actually think up good passwords.

The original poster said that "the issue of password aging had come up". This is a good description: password aging is much more of an issue than it is a solution to anything.

					Gordon L. Burditt
					...!texbell!sneaky!gordon
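As an added illustration of the "checkpwage" idea sketched in the post (this is example code written for this page, not a program from the original poster or from any Unix vendor), the script below decodes the classic System V aging suffix on a passwd entry, computes the last day the password is usable, and stays silent unless that day is within the user's chosen warning window. It assumes the Sys V ",Mmww" encoding as I recall it from passwd(4): max weeks, min weeks, then the week of last change in a64l(3) order (low-order digit first), with a max of 0 meaning "change at next login". The passwd text, user names and hash strings are constructed placeholders, and the tool only reads the caller's own entry so it is not a convenient way to learn when other people's passwords expire.

```python
from datetime import date, timedelta

# Assumed System V encoding: the password field is followed by ",Mmww", each
# character a digit from this 64-symbol alphabet ('.'=0, '/'=1, '0'-'9'=2-11,
# 'A'-'Z'=12-37, 'a'-'z'=38-63).  M = max weeks, m = min weeks, ww = week of
# last change counted from 1970-01-01, low-order digit first (a64l order).
A64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
EPOCH = date(1970, 1, 1)      # week 0 starts here (a Thursday)
DAYS_PER_WEEK = 7

# Constructed sample /etc/passwd; the hash strings are placeholders, not real.
# gordon: max 2 weeks, last changed week 1000 -> usable through 1989-03-22
# alice:  max 2 weeks, last changed week 990  -> expired 1989-01-11
# bob:    max 0 weeks                          -> must change at next login
SAMPLE_PASSWD = """\
root:PLACEHOLDERHASH1:0:0:Super user:/:/bin/sh
gordon:PLACEHOLDERHASH2,0.cD:100:100:Gordon Burditt:/usr/gordon:/bin/sh
alice:PLACEHOLDERHASH3,0.SD:101:100:Alice:/usr/alice:/bin/csh
bob:PLACEHOLDERHASH4,..cD:102:100:Bob:/usr/bob:/bin/sh
"""


def a64_decode(ch):
    return A64.index(ch)


def parse_aging(aging):
    """Return (max_weeks, min_weeks, last_change_week) from an 'Mmww' string."""
    if len(aging) != 4 or any(c not in A64 for c in aging):
        raise ValueError("malformed aging field: %r" % aging)
    max_weeks = a64_decode(aging[0])
    min_weeks = a64_decode(aging[1])
    last_change = a64_decode(aging[2]) + 64 * a64_decode(aging[3])
    return max_weeks, min_weeks, last_change


def last_valid_day(max_weeks, last_change):
    """Assumed rule: the password is usable through the end of week
    last_change + max_weeks; return that week's final calendar day."""
    week = last_change + max_weeks
    return EPOCH + timedelta(days=DAYS_PER_WEEK * week + DAYS_PER_WEEK - 1)


def own_entry(passwd_text, user):
    """Look up only the caller's own line; no browsing of other accounts."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if fields[0] == user:
            return fields
    raise KeyError(user)


def expiry_report(passwd_text, user):
    """The 'tell me when it expires' option: the last usable day, or None
    when the account has no aging at all."""
    pw_field = own_entry(passwd_text, user)[1]
    if "," not in pw_field:
        return None
    max_weeks, _min_weeks, last_change = parse_aging(pw_field.split(",", 1)[1])
    if max_weeks == 0:
        return None
    return last_valid_day(max_weeks, last_change)


def checkpwage(passwd_text, user, today, warn_days=7):
    """Return (status, message) for a .profile/.login check.  status is one
    of 'none', 'ok', 'warn', 'expired', 'forced'; message is None whenever
    the program should stay silent."""
    pw_field = own_entry(passwd_text, user)[1]
    if "," not in pw_field:
        return "none", None                      # no aging on this account
    max_weeks, _min_weeks, last_change = parse_aging(pw_field.split(",", 1)[1])
    if max_weeks == 0:                           # assumed: forced change
        return "forced", "You must change your password at your next login."
    expires = last_valid_day(max_weeks, last_change)
    days_left = (expires - today).days
    when = "%s %d" % (expires.strftime("%A, %B"), expires.day)
    if days_left < 0:
        return "expired", "Your password expired at the end of %s." % when
    if days_left <= warn_days:
        return "warn", ("Your password will expire at the end of %s. "
                        "Please change your password soon." % when)
    return "ok", None


if __name__ == "__main__":
    # Run as of the date of the post; a real tool would use date.today().
    for name in ("root", "gordon", "alice", "bob"):
        print(name, checkpwage(SAMPLE_PASSWD, name, date(1989, 3, 19)))
```

The one-week default matches the post's observation that Sys V aging only has week granularity; a user who wants more notice passes a larger warn_days, and the expiry_report() option answers "when does mine expire?" at any time without printing anything in the normal login path.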
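The post's other suggestion, keeping a few old passwords in encrypted form and refusing re-use, is shown below as an added example (my code, not anything from the original poster). It stands in for crypt(3) with a salted PBKDF2 hash from Python's standard library, which is an assumption about the hashing rather than something the post specifies; the depth of the history, the helper names and the sample passwords are all my own choices. Only digests are ever stored, so the history file is no more sensitive than the password file itself, which is the point the poster makes about "encrypted passwords that don't work anyway".

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 4            # how many previous passwords to remember (assumed)
PBKDF2_ITERATIONS = 100_000  # stand-in for crypt(3); slow on purpose


def hash_password(password, salt):
    """Salted, iterated hash; the plaintext is never stored anywhere."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


class PasswordHistory:
    """Per-user ring of (salt, digest) pairs for the last `depth` passwords,
    newest last.  Each entry has its own salt, so two identical passwords
    never produce the same stored digest."""

    def __init__(self, depth=HISTORY_DEPTH):
        self.depth = depth
        self.entries = []

    def was_used(self, password):
        # Re-hash the candidate under each stored salt and compare in
        # constant time; this costs one PBKDF2 run per remembered password.
        return any(hmac.compare_digest(hash_password(password, salt), digest)
                   for salt, digest in self.entries)

    def record(self, password):
        salt = os.urandom(16)
        self.entries.append((salt, hash_password(password, salt)))
        del self.entries[:-self.depth]       # forget the oldest beyond depth


def try_change(history, new_password):
    """Accept the change only if the new password is not in the history.
    Returns True when accepted and recorded, False when refused."""
    if history.was_used(new_password):
        return False
    history.record(new_password)
    return True


if __name__ == "__main__":
    # Constructed sample session: the poster's "two passwords in rotation".
    h = PasswordHistory(depth=2)
    for candidate in ("winter88", "spring89", "winter88", "summer89", "winter88"):
        print(candidate, "accepted" if try_change(h, candidate) else "refused (re-use)")
```

With a depth of two, the third attempt to go back to "winter88" is refused, but once two further passwords have pushed it out of the history it is accepted again; that is the trade-off the poster describes, where history depth only lengthens the rotation rather than ending it.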