random password generator
steve at BRL-BMD.ARPA
steve at BRL-BMD.ARPA
Tue Aug 21 16:16:49 AEST 1984
From: Stephen Wolff <steve at BRL-BMD.ARPA>
>> I believe that using a generated password like eCNrbU01 is
>> preferable and more secure than using your-name-spelled-backwards
>> or your-wife's-name or your-address or ......
It still stinks! Because something marvelous like eCNrbU01 is VERY likely to
be written down on a scrap of paper when Jane Q. User receives it from your
wonderful random gibberish generator, and then the scrap of paper will get
lost somewhere and one day a Bad Guy WILL find it and run through all your
user names until he finds the match. 'Course, YOU can feel good about it
because YOU didn't lose the scrap of paper; it's after all ol' Jane Q.'s OWN
dumb fault, and Sheesh when will those lusers learn anyway, right?
I think random, down-from-on-high passwords are a holdover from the bad old
days of supercilious computer center white-coats.
We let our users pick their own passwords, and enforce a few of the more
obvious caveats. I claim that one of my old passwords which was NEVER (until
now) written down was in practice MORE secure than eC-what-have-you. It was
BeethovenDucks (never-you-mind why I found it easy to remember).
-s
More information about the Comp.unix.wizards
mailing list