Xref: utzoo comp.unix.questions:8091 comp.misc:2766
Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!nrl-cmf!cmcl2!phri!roy
From: roy@phri.UUCP (Roy Smith)
Newsgroups: comp.unix.questions,comp.misc
Subject: Re: Password choices
Keywords: passwords
Message-ID: <3375@phri.UUCP>
Date: 8 Jul 88 15:23:05 GMT
References: <4387@ptsfa.PacBell.COM> <11470@steinmetz.ge.com> <434@proxftl.UUCP>
Reply-To: roy@phri.UUCP (Roy Smith)
Organization: Public Health Research Inst. (NY, NY)
Lines: 21


	Nobody has yet mentioned the quasi-classic paper "Password Security:
A Case History" by Robert Morris and Ken Thompson.  It's included in the
4.2/4.3 Unix documentation, and probably in most other Unix doc sets.  While
not an authoritative research paper on the subject, it does have some good
suggestions.  They give a short list of commonly used types of passwords,
including anything in the dictionary, possibly spelled in reverse, and valid
license plate numbers in your state.  Obviously, any of the above are bad
choices.

	Personally, I usually use some 6-8 letter word I can remember but
with a deliberate misspelling, often combined with an unusual capitalization
and/or a digit or two thrown in.  Something like "graPHiks88".  Easy enough
to remember, but hard to guess.  If what you're worried about is somebody
watching over your shoulder while you type, the capitals and the digits don't
help much; they just stand out like a sore thumb.  When assigning passwords
for incoming uucp accounts, I just type random patterns on the keyboard.
-- 
Roy Smith, System Administrator
Public Health Research Institute
{allegra,philabs,cmcl2,rutgers}!phri!roy -or- phri!roy@uunet.uu.net
"The connector is the network"
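
An added example, not part of the original post or of the Morris and Thompson paper: a small proactive check that rejects candidates in the three weak classes the post cites (dictionary word, dictionary word spelled in reverse, license plate number). The word list is a constructed sample and the plate layout is an assumed format, since real plate formats vary by state.

```python
import re

# Constructed sample word list. A real check would feed load_words() the
# lines of a system dictionary file (which file is an assumption, not
# something the post names).
SAMPLE_WORDS = {"graphics", "password", "secret", "dragon", "level"}

# Assumed plate layout: three letters, optional separator, three or four
# digits. Illustrative only; substitute the formats issued in your state.
PLATE_RE = re.compile(r"[A-Za-z]{3}[- ]?\d{3,4}")


def load_words(lines):
    """Build a case-folded word set from an iterable of text lines."""
    return {line.strip().lower() for line in lines if line.strip()}


def weak_password_reasons(candidate, words=SAMPLE_WORDS):
    """Return the listed weak classes the candidate falls into (may be empty)."""
    reasons = []
    folded = candidate.lower()      # capitalization alone does not hide a word
    backwards = folded[::-1]
    if folded in words:
        reasons.append("dictionary word")
    # Skip palindromes so a word is not reported twice.
    if backwards != folded and backwards in words:
        reasons.append("dictionary word spelled in reverse")
    if PLATE_RE.fullmatch(candidate):
        reasons.append("license-plate pattern")
    return reasons


def audit(candidates, words=SAMPLE_WORDS):
    """Map each rejected candidate to its reasons; accepted ones are omitted."""
    rejected = {}
    for candidate in candidates:
        reasons = weak_password_reasons(candidate, words)
        if reasons:
            rejected[candidate] = reasons
    return rejected


if __name__ == "__main__":
    # Constructed candidates, one per class plus the post's own example.
    for pw, why in audit(["Dragon", "terces", "ABC-1234", "graPHiks88"]).items():
        print(f"{pw}: {', '.join(why)}")
```

An empty result only means the candidate is outside these three classes; it is not a strength measurement.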