Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!wuarchive!swbatl!texbell!sugar!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <7347@ficc.uu.net>
Date: 18 Dec 89 22:51:10 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us> <7284@ficc.uu.net> <10665@unix.UUCP> <7311@ficc.uu.net> <17451@rpp386.cactus.org>
Reply-To: peter@ficc.uu.net (Peter da Silva)
Followup-To: alt.flame
Distribution: usa
Organization: Xenix Support, FICC
Lines: 30

In article <17451@rpp386.cactus.org> jfh@rpp386.cactus.org (John F. Haugh II) writes:
> In an ideal world, yes, the ideal user would use 8 character random
> generated passwords. However, studies show that more difficult
> passwords tend to be written down, and once people start writing
> down passwords, security goes out the window.

Isn't that implied by what I just said? I don't know where you get these
ideas. It's certainly not by reading what I wrote, and if it's by reading
my mind you've obviously got a noisy connection.

For "machine" read "administrative unit". Sure, use the same password on
all the workstations in your department, or all the computers at your
computer center. How many people have 30 or 40 accounts under different
umbrellas? Unless you mean BBSes... if you're worried about BBS security
I suggest you start by burning the floppies and fire a 45 through the
hard disk...

Security and convenience are orthogonal considerations. The more secure
your system, the less convenient it is to use. Outside of the paranoid
reality inhabited by the DoD and IBM, the sort of fascist tactics you're
suggesting (such as forcing people to choose new passwords that don't
match any old ones and avoid certain patterns) just aren't worth it. And
within it, they just make it harder for people to remember their
passwords.

So they write them down.
--
`-_-' Peter da Silva. +1 713 274 5180. .
 'U`  Also or .
"It was just dumb luck that Unix managed to break through the Stupidity
Barrier and become popular in spite of its inherent elegance."
	-- gavin@krypton.sgi.com