fiatlux@ucscc.UCSC.EDU (03/13/87)
Well, for a long time at our site, we've been able to choose more or less whatever name we want, so long as it fits into 7 characters or less. This is a much nicer way than having q2zirt67 as a login. Also choosing your own makes it easier to remember and for others to remember. It's also a bit of a statement of who you are and what you like and such. A lot of people seem to name there accounts after D&D characters, or science fiction novels/authors. Other influences are majors (my account was radiotv for a while), movies, or interests. The best way to protect an account is to protect the password. Knowing a login doesn't help much in getting into the account. You have to know the password to get at what's in there. Assigning logins won't increase security, better protection of the user's password will help. +--------------------------------------+ | David Vangerov | | | | Just your average Theater Arts major | | with a weird thing for computers | | | | fiatlux@ucscc.BITNET | | fiatlux@ucscc.ucsc.EDU | | ...!ucbvax!ucscc!fiatlux | +--------------------------------------+ Armadillo: To provide weapons to a Spanish pickle
mark@ems.UUCP (03/14/87)
Ok, I have seen a lot of conversations about the security of unix signons lately. It would seem that protecting a signon can be done in two different ways. The first of these is by protecting the password of a given signon. This is the more traditional way to protect a signon. The second way is to attempt to make the signon itself more secure. On a system where the userid is used for so many different things such as mail, there is a problem with attempting to protect the userid. Another consideration here is that even if the signons are protected, there are several signons that are pretty generic on all Unix systems. Uucp, lp, and adm are a few that come to mind. Changing these may break some utilities that have these id's hardcoded. Besides, most of the security related information that I have read has stated that most of the security breaches come from inside the company, not from malicious hackers on the outside. If we assume that this statement is true, then this opens a whole new set of issues. For example, if a person has a signon, how are you going to ensure security. Commands like su begin to look like major problems, especially since you do not need to know a user id in the first place. If you want a secure system you will need to go to more dramatic extremes than using obfusticating user id's. If you want to protect the system from the outside, don't put modems on your machine. This will gaurentee that outside people will not call in and gain access your machine. If you cannot do this, granted it is extreme, go to a call back scheme. This can be circumvented using call forwarding these days, but once again, this requires that someone that is allowed to call in has allowed a phone to be forwarded. Granted system security is a problem, but making the system harder to use is not a good security practice. This will cause frustration from your users and will actually promote LESS security, not more. -- Mark H. Colburn mark@ems.uucp EMS/McGraw-Hill {rutgers|amdahl|ihnp4}!{dayton|meccts}!ems!mark 9855 West 78th Street Eden Prairie, MN 55344 (612) 829-8200 x235