Security Basics mailing list archives
Password creating Theories
From: underwood-de () hotmail com
Date: 17 Nov 2005 13:34:56 -0000
As the sys admin of a classified network we forced the change of passwords every 30 days and we had users that ranged from clerical support staff to people with PHDs. (not necesarily the brightest people either) One of the simplest yet reasonably effective methods for a good rememberable password for the user that I encouraged them to use was to use a favorite song or poem and use a minimum of 2 words, preferably 3 words from the song or poem as there password. This made it a sufficiently long, it did not have complexity but the 30 day password change policy negated that aspect and it was reproduceable. I used a common drinking song as an example, 99 bottles of beer on the wall, take one down pass it around, 99 bottles of beer on the wall. I would use "99bottlesofbeer" as the example as it had two numbers and 13 letters which was a very suitable password, was easy to remember and easy to type. As we had STRONG physical security if they insisted on creating a text file with there password on there personal drive on the Secure network we were not to concerned about that either. I do have to point out that the users hardrives were locked up at night in a good to secret cabinet, we had fiber to the desktop, our servers were in an access controled, shielded room, in which the outside door code changed every 30 days and each room inside had it's own lock and key. No user saw any other users home drive and data was partitioned off to each groups use and stricly enforced. They were only allowed to print on network controled printers that were in there area/group. In other words passwords were an important PART of a controlled and layered defence.
Current thread:
- RE: Password creating Theories, (continued)
- RE: Password creating Theories Andrew Williams (Nov 15)
- Re: Password creating Theories Saqib Ali (Nov 16)
- FW: Password creating Theories Christopher Carpenter (Nov 16)
- Re: FW: Password creating Theories Jonathan Loh (Nov 21)
- RE: Password creating Theories Andrew Williams (Nov 16)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories David Fiore (Nov 21)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories dave kleiman (Nov 16)
- Re: Password creating Theories Neksus (Nov 16)
- RE: Password creating Theories Bob Kurth (Nov 16)
- Password creating Theories underwood-de (Nov 17)
- RE: Password creating Theories Andrew Williams (Nov 21)
- RE: Password creating Theories Andrew Williams (Nov 15)