Obvious password detector / eliminator
Henry Spencer
henry at utzoo.UUCP
Sun Apr 22 10:43:44 AEST 1984
There is a disadvantage to this routine. My personal guess would be
that it will exclude almost any pronounceable word, even if it's a
nonsense word. Why is this significant? Because pronounceable words
are much easier to remember than arbitrary sequences of gibberish.
Well, you ask, why is *this* significant? Because if a user can't
remember his password, he will write it down, and that's just what we
don't want.
It is true that requiring a password to be pronounceable reduces its
information content, making brute-force password searching easier, but
the benefits are usually considered worth the cost. Password holders
are human; nothing short of military discipline (*good* military
discipline) will keep them from writing down something they find hard
to remember.
--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,linus,decvax}!utzoo!henry
More information about the Comp.unix.wizards
mailing list