Security Basics mailing list archives
RE: Password creating Theories
From: "Adrian Floarea" <adrian.floarea () uti ro>
Date: Tue, 15 Nov 2005 22:59:38 +0200
Selecting Good Passwords Rationale The object when choosing a password is to make it as difficult as possible for a cracker to make educated guesses about what you've chosen. This leaves him no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation. A search of this sort, even conducted on a machine that could try one million passwords per second (most machines can try less than one hundred per second), would require, on the average, over one hundred years to complete. What Not to Use * Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.). * Don't use your first or last name in any form. * Don't use use your spouse's or child's name. * Don't use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc. * Don't use a password of all digits, or all the same letter. This significantly decreases the search time for a cracker. * Don't use a word contained in (English or foreign language) dictionaries, spelling lists, or other lists of words. * Don't use a password shorter than six characters. What to Use * Do use a password with mixed-case alphabetic characters. * Do use a password with nonalphabetic characters, e.g., digits or punctuation. * Do use a password that is easy to remember, so you don't have to write it down. * Do use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder. Method to Choose Secure and Easy to Remember Passwords * Choose a line or two from a song or poem, and use the first letter of each word. For example, ``In Xanadu did Kubla Kahn a stately pleasure dome decree'' becomes ``IXdKKaspdd.'' * Alternate between one consonant and one or two vowels, up to eight characters. This provides nonsense words that are usually pronounceable, and thus easily remembered. Examples include ``routboo,'' ``quadpop,'' and so on. * Choose two short words and concatenate them together with a punctuation character between them. For example: ``dog;rain,'' ``book+mug,'' ``kid?goat.'' Source : http://www.alw.nih.gov/Security/Docs/passwd.html On 11/11/05, Jennifer Fountain <jfountain () rbinc com> wrote:
I am currently coming up with a new policy to create root/admin passwords for windows and linux boxes and would like to know your thoughts on the methods you use to create them. Thanks for any input!
Regards, Adrian Floarea, CISA Information Security Department IT&C Division, UTI Systems SA Bucharest, Romania Email: adrian.floarea () uti ro
Current thread:
- Password creating Theories Jennifer Fountain (Nov 15)
- Re: Password creating Theories Glenn English (Nov 15)
- Re: Password creating Theories ework0 (Nov 16)
- Re: Password creating Theories Glenn English (Nov 16)
- Re: Password creating Theories Chris Umphress (Nov 16)
- Re: Password creating Theories ework0 (Nov 16)
- Re: Password creating Theories Saqib Ali (Nov 15)
- RE: Password creating Theories Jon Gucinski (Nov 16)
- RE: Password creating Theories Adrian Floarea (Nov 16)
- Re: Password creating Theories Jacob Bresciani (Nov 15)
- Re: Password creating Theories Gaddis, Jeremy L. (Nov 16)
- Re: Password creating Theories Ansgar -59cobalt- Wiechers (Nov 16)
- Re: Password creating Theories Justin (Nov 16)
- <Possible follow-ups>
- Re: Password creating Theories Steve.Cummings (Nov 15)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories Andrew Williams (Nov 15)
- Re: Password creating Theories Saqib Ali (Nov 16)
- FW: Password creating Theories Christopher Carpenter (Nov 16)
- Re: FW: Password creating Theories Jonathan Loh (Nov 21)
(Thread continues...)
- Re: Password creating Theories Glenn English (Nov 15)