buck@NRL-CSS.ARPA (08/15/84)
From: Joe Buck <buck@NRL-CSS.ARPA> Right on, Stephen Wolff! At my college computer center about five years ago, students were forced to accept random passwords. What's worse, the accounts had some 12 digit user number, rather than the user's name. Naturally, everyone carried around little slips of paper with their account number and password, and almost every time I went to the computer center, I found one or two of them. For a good password, try the initials to a song, book, phrase, etc. For a while, my password was "ilamiau" (the initials to a song title). Even if someone looks over my shoulder when I'm typing it in, it's doubtful that s/he'll remember it. Let's not make our computers so secure that legitimate users can't function. ARPA: buck@nrl-css.ARPA UUCP: ...!{decvax,linus,umcp-cs}!nrl-css!buck -Joe
charles@utastro.UUCP (08/17/84)
At the risk of legitimizing opinions like this which are based on false assumptions, I offer the following: The program "randpasswd" was offered as an fairly interesting exercise in using random(3) and as a useful tool in coming up with new passwords that were not obvious to the casual user. No one at my site forces anyone to use any particular password, whether or not it was produced by "randpasswd". In reply to Mr. Wolffs vehement article, I have this to say: 1) If someone writes their password on a piece of paper, that piece of paper is then their responsibility, whether or not that password was produced by a password-generating-program. Neither I nor the program can be blamed for losing pieces of paper. 2) If you object to using password-generating programs, (and to do so is a personal and reasonable decision) don't use them and discourage your users from using them. 3) The users at my site are, in fact, not actively encouraged to use "randpasswd". In announcing its availability, it was only announced that it was available; no praises or guarantees of any kind were included, either explicitly or implied. 4) Some people, in fact, *do* find it useful, and use it all due caution. -- *>> Charles Sandel <<* uucp: {ut-sally, ut-ngp, noao, charm}!utastro!charles arpa: charles@utastro.UTEXAS.ARPA charles@ut-sally.UTEXAS.ARPA at&t: (512) 471-4461 x439
phil@amd.UUCP (Phil Ngai) (08/18/84)
At this site there are people who will chose passwords that are easily guessed no matter how many times you ask them not to. This includes my managing director. After several months we realized things were not going to get better, so we hacked passwd to assign a password instead of soliciting one. It doesn't bother me too much if someone writes their password on a piece of paper taped to their terminal, I'm trying to keep out the phone hackers. It gets boring playing password cop, I much prefer letting Unix do it. Flame away, I don't care. I sleep much better at night now. -- amd70 is dead, tell a friend Phil Ngai (408) 982-6554 UUCPnet: {ucbvax,decwrl,ihnp4,allegra,intelca}!amd!phil ARPAnet: amd!phil@decwrl.ARPA
jsq@ut-sally.UUCP (John Quarterman) (08/21/84)
What we've done to stop people using easily guessable passwords is to write a little program that tries to guess them, and advertise that we're running it all the time. People didn't believe us until we got four or five hits the first couple of days. Then it was amazing how the frequency of hits dropped off.... -- John Quarterman, CS Dept., University of Texas, Austin, Texas 78712 USA jsq@ut-sally.ARPA, jsq@ut-sally.UUCP, {ihnp4,seismo,ctvax}!ut-sally!jsq
revc@marlin.UUCP (08/22/84)
Our system supplies the users with a list of 10 random strings, with vowels in the correct location, which are "almost" words. A check against the dictionary insures that there are no real words. This allows the users to 'select' their password, but supplies the needed random factor at the same time. We had a major problem with user-ids and passwords being IDENTICLE! Bob -- R.E. Van Cleef (REVC) Computer Sciences Corporation San Diego, CA ihnp4 \ MILNET revc@nosc akgua \ UUCP decvax -------------!sdcsvax!noscvax!revc dcdwest / ucbvax / CompuServe 71565,533