password security

Sat Dec 24 07:20:07 AEST 1988

In article <5835 at saturn.ucsc.edu> haynes at ucscc.UCSC.EDU (Jim Haynes) writes:
}In article <5005 at b-tech.ann-arbor.mi.us> zeeff at b-tech.ann-arbor.mi.us (Jon Zeeff) writes:
}>The simple solution seems to be to force users to use some non alpha
}>character somewhere in the middle of their passwords.  Users then tend 
}>to use a combination of two words which prevents the dictionary search.
}
}the 4.3-tahoe-BSD version of passwd seems to do this.  At least the last
}time I logged into a tahoe system and tried to change my password it
}wouldn't rest until I had put a non-alphabetic character into it.
}Had the same experience on a Convex machine.
}
Requiring the use of a non-alphanumeric character is not at all sufficient.
Many people react to this by just putting a special character (usually ".")
in front of their old password...

Now, if you start by forcing users to put the non alphanumeric char somewhere
in the middle of the password this would no longer work, but users will still
come up with passwords that are a lot easier to guess than zXk.4;ur...

Paul.
-- 
------------------------------------------------------
|debra at research.att.com   | uunet!research!debra     |
------------------------------------------------------