buck@NRL-CSS.ARPA (08/15/84)
From: Joe Buck <buck@NRL-CSS.ARPA>
Right on, Stephen Wolff! At my college computer center about five years
ago, students were forced to accept random passwords. What's worse, the
accounts had some 12 digit user number, rather than the user's name.
Naturally, everyone carried around little slips of paper with their
account number and password, and almost every time I went to the computer
center, I found one or two of them.
For a good password, try the initials to a song, book, phrase, etc.
For a while, my password was "ilamiau" (the initials to a song title).
Even if someone looks over my shoulder when I'm typing it in, it's doubtful
that s/he'll remember it.
Let's not make our computers so secure that legitimate users can't function.
ARPA: buck@nrl-css.ARPA
UUCP: ...!{decvax,linus,umcp-cs}!nrl-css!buck
-Joecharles@utastro.UUCP (08/17/84)
At the risk of legitimizing opinions like this which are
based on false assumptions, I offer the following:
The program "randpasswd" was offered as an fairly interesting
exercise in using random(3) and as a useful tool in coming
up with new passwords that were not obvious to the casual user.
No one at my site forces anyone to use any particular password, whether
or not it was produced by "randpasswd".
In reply to Mr. Wolffs vehement article, I have this to say:
1) If someone writes their password on a piece of paper, that piece
of paper is then their responsibility, whether or not that
password was produced by a password-generating-program.
Neither I nor the program can be blamed for losing pieces of
paper.
2) If you object to using password-generating programs, (and to do so
is a personal and reasonable decision) don't use them
and discourage your users from using them.
3) The users at my site are, in fact, not actively
encouraged to use "randpasswd".
In announcing its availability, it was only announced that
it was available; no praises or guarantees of any kind were
included, either explicitly or implied.
4) Some people, in fact, *do* find it useful, and use it all due
caution.
--
*>> Charles Sandel <<*
uucp: {ut-sally, ut-ngp, noao, charm}!utastro!charles
arpa: charles@utastro.UTEXAS.ARPA charles@ut-sally.UTEXAS.ARPA
at&t: (512) 471-4461 x439phil@amd.UUCP (Phil Ngai) (08/18/84)
At this site there are people who will chose passwords that
are easily guessed no matter how many times you ask them not
to. This includes my managing director. After several months
we realized things were not going to get better, so we hacked
passwd to assign a password instead of soliciting one.
It doesn't bother me too much if someone writes their password
on a piece of paper taped to their terminal, I'm trying to keep
out the phone hackers.
It gets boring playing password cop, I much prefer letting
Unix do it. Flame away, I don't care. I sleep much better
at night now.
--
amd70 is dead, tell a friend
Phil Ngai (408) 982-6554
UUCPnet: {ucbvax,decwrl,ihnp4,allegra,intelca}!amd!phil
ARPAnet: amd!phil@decwrl.ARPAjsq@ut-sally.UUCP (John Quarterman) (08/21/84)
What we've done to stop people using easily guessable passwords is to
write a little program that tries to guess them, and advertise that
we're running it all the time. People didn't believe us until we got
four or five hits the first couple of days. Then it was amazing how
the frequency of hits dropped off....
--
John Quarterman, CS Dept., University of Texas, Austin, Texas 78712 USA
jsq@ut-sally.ARPA, jsq@ut-sally.UUCP, {ihnp4,seismo,ctvax}!ut-sally!jsqrevc@marlin.UUCP (08/22/84)
Our system supplies the users with a list of 10 random strings, with vowels in the correct location, which are "almost" words. A check against the dictionary insures that there are no real words. This allows the users to 'select' their password, but supplies the needed random factor at the same time. We had a major problem with user-ids and passwords being IDENTICLE! Bob -- R.E. Van Cleef (REVC) Computer Sciences Corporation San Diego, CA ihnp4 \ MILNET revc@nosc akgua \ UUCP decvax -------------!sdcsvax!noscvax!revc dcdwest / ucbvax / CompuServe 71565,533