Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!boulder!sunybcs!bingvaxu!leah!itsgw!steinmetz!uunet!ccicpg!nick From: nick@ccicpg.UUCP (Nick Crossley) Newsgroups: comp.unix.wizards Subject: Re: Here's a *BRILLIANT* password idea! Message-ID: <43908@ccicpg.UUCP> Date: 5 Dec 88 22:30:34 GMT References: <43034@ccicpg.UUCP> <1096@murtoa.cs.mu.oz.au> Reply-To: nick@ccicpg.UUCP (Nick Crossley) Organization: CCI CPG, Irvine CA Lines: 30 In article <1096@murtoa.cs.mu.oz.au> glf@munnari writes: >From article <43034@ccicpg.UUCP>, by nick@ccicpg.UUCP (Nick Crossley): >> I have often wondered about the four-digit limit anyway - surely even some >> branches must have close to 9999 accounts, let alone whole banks. That does >> make the code number very unique. > >Passwords never need be too unique as they are tied to the id of the requester >and the methodolgy used to gain access to the protected enviroment. >For ATM's the four digit number is reasonable > and another poster made a similar comment. This does not make me feel any happier. If the password is not sufficiently unique, it has little value. If all passwords were the same (the digit '1'), then loss of your ATM card would be serious, as any person finding it could use it. If all passwords were drawn from a sufficiently small set, then the same applies. This is more or less what the Unix password debates have been about, and (presumably) what led the original poster to comment on ATM systems. We are trying to encourage Unix users to use non-obvious passwords from a potentially very large set, and there are versions of passwd which try to ensure the user does not limit himself to a small alphabet. At the same time, here is a much larger user base than Unix users, trusting money to a very small password set. I realise that there are differences; Unix users choose their own (easily guessed) passwords, banks/computers choose those for ATMs, etc. But... -- <<< standard disclaimers >>> Nick Crossley, CCI, 9801 Muirlands, Irvine, CA 92718-2521, USA Tel. (714) 458-7282, uucp: ...!uunet!ccicpg!nick