From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 8 Mar 1996 11:24:00 -0500 (EST)
Subject: Re: Password generating program

I heard about a U.S. Air Force site that forced a password generating
program on its users. It generated passwords that weren't
pronounceable, either.

The security audit team that went through found their way in to about
80% of the systems by looking at the passwords written on sticky
notes, etc.  in the immediate vicinity of the user's
terminal/workstation.

IMHO, it is better to teach users to use secure passwords, and check
for non-secure ones. Anybody have a way of doing this when the
password is generated, rather than running CRACK every now and then?

- ----------------------------------------
Rabid Wombat
wombat@mcfeely.bsfs.org
- ----------------------------------------

[Next]


Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Wed Jun 19 09:19:21 1996