Password security - Another idea
Keith Bostic
bostic at ucbvax.BERKELEY.EDU
Sat Dec 31 04:18:29 AEST 1988
In article <4523 at xenna.Encore.COM>, bzs at Encore.COM (Barry Shein) writes:
> 5. Finally, will educate users about how to choose a good
> password (maybe we can group-write a document about just
> that, that would be a useful outcome of this conversation.)
>
> This is trivial and can be enforced relatively easily without changing
> all sorts of system software, only one program needs to be modified.
I find educating users to be a lot more than "trivial". And no matter how
stringent your attempt to make the criteria, users will find a way to get a
stupid password into the machine.
I like some form of shadow passwords as a solution. Once they're in place,
you no longer care what the user picks for a password, as long as it's N
characters long and not the account name.
Keith Bostic
More information about the Comp.unix.wizards
mailing list