Xref: utzoo comp.unix.questions:8091 comp.misc:2766
Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!nrl-cmf!cmcl2!phri!roy
From: roy@phri.UUCP (Roy Smith)
Newsgroups: comp.unix.questions,comp.misc
Subject: Re: Password choices
Keywords: passwords
Message-ID: <3375@phri.UUCP>
Date: 8 Jul 88 15:23:05 GMT
References: <4387@ptsfa.PacBell.COM> <11470@steinmetz.ge.com> <434@proxftl.UUCP>
Reply-To: roy@phri.UUCP (Roy Smith)
Organization: Public Health Research Inst. (NY, NY)
Lines: 21

Nobody has yet mentioned the quasi-classic paper "Password Security: A Case History" by Robert Morris and Ken Thompson. It's included in the 4.2/4.3 Unix documentation, and probably in most other Unix doc sets. While not an authoritative research paper on the subject, it does have some good suggestions. They give a short list of commonly used types of passwords, including anything in the dictionary, possibly spelled in reverse, and valid license plate numbers in your state. Obviously, any of the above are bad choices.

Personally, I usually use some 6-8 letter word I can remember but with a deliberate misspelling, often combined with an unusual capitalization and/or a digit or two thrown in. Something like "graPHiks88". Easy enough to remember, but hard to guess. If what you're worried about is somebody watching over your shoulder while you type, the capitals and the digits don't help much; they just stand out like a sore thumb.

When assigning passwords for incoming uucp accounts, I just type random patterns on the keyboard.

--
Roy Smith, System Administrator
Public Health Research Institute
{allegra,philabs,cmcl2,rutgers}!phri!roy -or- phri!roy@uunet.uu.net
"The connector is the network"
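
A proactive check for the password categories named in the post above (dictionary words, reversed words, license plates), as an added example that is not part of the original post or of the Morris and Thompson paper. The word list is a constructed sample and the plate layouts are an assumption, since real formats vary by state.

```python
import re

# Constructed stand-in for a system word list such as /usr/share/dict/words.
SAMPLE_WORDS = {"graphics", "network", "password", "connector", "secret"}

# Assumed plate layouts (hypothetical; real ones vary by state):
# ABC123, ABC-1234, 123ABC, 1234-ABC.
PLATE_RE = re.compile(r"^(?:[A-Z]{3}-?\d{3,4}|\d{3,4}-?[A-Z]{3})$")


def weaknesses(candidate, words=SAMPLE_WORDS):
    """Return the listed categories that a candidate password falls into."""
    reasons = []
    folded = candidate.lower()  # unusual capitalization does not hide a word
    # Also test with leading/trailing digits removed, so "Network88"
    # is still recognised as the dictionary word "network".
    core = folded.strip("0123456789")
    forms = {folded, core} - {""}
    if any(form in words for form in forms):
        reasons.append("dictionary word")
    if any(form[::-1] in words for form in forms):
        reasons.append("reversed dictionary word")
    if PLATE_RE.match(candidate.upper()):
        reasons.append("license plate pattern")
    return reasons


def is_acceptable(candidate, words=SAMPLE_WORDS):
    """True when the candidate matches none of the listed categories."""
    return not weaknesses(candidate, words)


if __name__ == "__main__":
    for pw in ("password", "krowten", "Network88", "ABC1234", "graPHiks88"):
        print(f"{pw!r}: {weaknesses(pw) or 'no listed weakness'}")
```

Passing this check only means a candidate avoids the categories listed; it says nothing about resistance to other guessing strategies.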