Re: Password Security

[Christopher Webber <christopher.webber () UCR EDU>]

As I read this I also begin to wonder...  What are sysadmins doing to
protect the root/admin passwords?

Christopher Webber, SCSA
Resnet Coordinator
Housing Services
University of California, Riverside

Office: 951.827.6595
Fax: 951.827.7099



Some things Man was never meant to know. For everything else, there's Google.
- Unknown



Vicky Walker wrote:
> David's response leads me to ask what the general consensus is about
> the safety of Password Safes and what are the best ones out there today?
>
> >>> David Seidl <dseidl () ND EDU> 10/23/2007 3:25 PM >>>
> I ran into Gary in the hall and mentioned what I tell people who can't
> remember passwords/passphrases, and who can't or won't use a Password
> Safe style application.
>
> The spiel goes something like this:
>
> If you can't remember your passphrases, then you should write down part,
> and remember the rest. A list of phrases with a common key portion
> missing is quite reasonable as long as it isn't easily reverse
> engineered. The incidence of losing both your wallet, and having someone
> learn your keyphrase is likely to be very low unless you're in the bad
> habit of muttering as you type it...
>
> If you do lose the battle over the cards, turn it into a user education
> opportunity - "How many of you in this room have lost your wallet, or
> had it stolen?"  followed by "Who has their complete password written
> down in their wallet next to their university ID card?" should be a
> winning combination.
>
> David
> --
> ------------------------------------------------------------
> David Seidl, CISSP
> University of Notre Dame, Office of Information Technologies

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature