tbray@watsol.waterloo.edu (Tim Bray) (11/23/88)
In article <31@microsoft.UUCP> w-colinp@microsoft.UUCP (Colin Plumb) writes: > If you add mixed case and whatnot, you have more possible passwords than > any brute-force attempt can hope to attack. A more selective search must > come up with a list of "probable" passwords. If you make passwords fit > some strange pattern that bears no resemblance to anything else... In any reasonably large organization, I feel much more nervous about people stealing my password by looking over my shoulder rather than people crawling through my network. Having once been sysadmin and having to type the root password in an environment with tons of occasionally bored engineers hanging around made me *real* nervous. So: pick a password that's >6 chars and *you can type it fast*. For a touch-typist, this means alternating left and right hand strokes. Obviously it shouln't be in /usr/dict/words, but there's lots of words like that... Tim Bray, New OED Project, U of Waterloo, Ontario
lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (11/24/88)
In article <9902@watdragon.waterloo.edu> tbray@watsol.waterloo.edu (Tim Bray) writes:
: In any reasonably large organization, I feel much more nervous about people
: stealing my password by looking over my shoulder rather than people crawling
: through my network. Having once been sysadmin and having to type the root
: password in an environment with tons of occasionally bored engineers hanging
: around made me *real* nervous. So: pick a password that's >6 chars and *you
: can type it fast*. For a touch-typist, this means alternating left and right
: hand strokes. Obviously it shouln't be in /usr/dict/words, but there's lots
: of words like that...
One of my favorite passwords used to be "kandle" for that very reason.
(Oops, I guess I can't use that one any more...)
Another trick (if there's only one or two looking over your shoulder) is
to look at them, and as soon as they look at you, type your password. Again,
touch typing is pretty much a requirement.
What's embarrassing is to type your password into the wrong window...
Larry Wall
lwall@jpl-devvax.jpl.nasa.gov