
List:       secprog
Subject:    Passwords [Was: Re: Preventing Dictionary Attacks]
From:       Glynn Clements <glynn.clements () VIRGIN ! NET>
Date:       2001-04-07 4:13:30

Adam Lydick wrote:

> Require that your users (through filtering of their chosen password)
> choose better passwords.

Or don't give the users any choice; just hand out random passwords.

Unless you're concerned about physical intrusion of the user's
pockets, it doesn't matter if they have to write it down.

And if you don't want it written down, a password of the form abc1def2
isn't that hard to memorise (mixed-case makes memorising much harder),
and has over 800 million possibilities (equivalent to about 30 random
bits), which is likely to be an improvement on a user-selected
password.

--
Glynn Clements <glynn.clements@virgin.net>
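
An added example, not part of the original message: a generator for system-assigned passwords of the abc1def2 shape discussed above, drawing from the OS CSPRNG and reporting the keyspace of the pattern. The pattern notation (`l` for a lowercase letter, `d` for a digit) and all function names are assumptions made for this sketch.

```python
import math
import secrets
import string

# Pattern notation constructed for this example:
# 'l' = one lowercase letter, 'd' = one decimal digit.
CLASSES = {"l": string.ascii_lowercase, "d": string.digits}
DEFAULT_PATTERN = "llldllld"  # the abc1def2 shape


def _alphabets(pattern):
    """Map each pattern character to its alphabet, rejecting unknown classes."""
    try:
        return [CLASSES[c] for c in pattern]
    except KeyError as exc:
        raise ValueError(f"unknown pattern class {exc}") from None


def generate(pattern=DEFAULT_PATTERN):
    """Return a random password following the pattern.

    secrets.choice uses the operating system's CSPRNG; the random
    module is predictable and must not be used for credentials.
    """
    return "".join(secrets.choice(a) for a in _alphabets(pattern))


def keyspace(pattern=DEFAULT_PATTERN):
    """Number of distinct passwords the pattern can produce."""
    return math.prod(len(a) for a in _alphabets(pattern))


def entropy_bits(pattern=DEFAULT_PATTERN):
    """Entropy in bits, valid because every position is chosen uniformly."""
    return math.log2(keyspace(pattern))


def matches(password, pattern=DEFAULT_PATTERN):
    """Check that a password has the shape the pattern describes."""
    alphabets = _alphabets(pattern)
    return len(password) == len(alphabets) and all(
        ch in a for ch, a in zip(password, alphabets)
    )


if __name__ == "__main__":
    print(generate(), keyspace(), round(entropy_bits(), 1))
```

The entropy figure only holds when the system picks every character; it does not apply to a password a user chose that happens to fit the same shape.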
