Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!gatech!bbn!inmet!ishmael!nelson
From: nelson@ishmael
Newsgroups: comp.unix.wizards
Subject: Re: Here's a *BRILLIANT* password idea!
Message-ID: <143300008@ishmael>
Date: 6 Dec 88 16:22:00 GMT
References: <438@amanue.UUCP>
Lines: 17
Nf-ID: #R:amanue.UUCP:-43800:ishmael:143300008:000:650
Nf-From: ishmael!nelson    Dec  6 11:22:00 1988


The BayBanks system (Eastern Mass.) lets you pick your own password up
to 6 characters long (they use a telephone-like alphabet/numeric scheme).
I was rather surprised, however, to discover that only the first 4
characters of my 6 character password are checked.  In fact, I heard of a
case where someone had lost their card and whose account was
subsequently pilfered.  As a password she had used the first 4 letters
of her name followed by two dummy letters.

I realize that this is pretty far from Unix, but there is a lesson
somewhere.  If nothing else, BayBanks users beware.

  - Nelson

Nelson Lerner
uunet!inmet!nelson
nelson@inmet.inmet.com