[ale] password management
Jonathan Rickman
jonathan at xcorps.net
Wed Jul 23 14:37:32 EDT 2003
On Wednesday 23 July 2003 14:32, J.M. Taylor wrote:
> secret_thing<concat>special_characters<concat>common_string<concat>month
> enough to foil those kinds of attacks? It certainly *seems* safer than me
> making up a longish random password that I have to write down until it's
> memorized...
As Bob pointed out, this is not the most foolproof method. This is what I
use on my own lab systems. I have used similar methods in production
environments that involved randomly generated passwords changed quarterly
combined with keywords that changed monthly. This type of method is good
for sysadmins only. I wouldn't dare foist this on a user base. If you
really want it secure, you must use some form of two-factor authentication.
Reasonable passwords that are easy to remember (something you know)
combined with some sort of token (something you have) are the proper
method to employ. This wouldn't solve the original problem though. I think
he's just looking for a method of either keeping passwords recorded (bad
idea as others have pointed out) or making them easier to remember without
sacrificing security on the altar of convenience.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale