SLUG Mailing List Archives

Re: [SLUG] Passwords and their usage


On Tue, May 06, 2003 at 02:13:50AM +1000, Dan Treacy wrote:
> So "website" passwords aside should I use unique really strong passwords
> for every single account? should there be levels and just a different
> password for each level?  What is the consensus and what do my fellow
> sluggers use.

The thing with website passwords is you generally have no idea how
they store the passwords.  If I am storing people's passwords I only
keep a hash of the password, so I don't know what it is.  But who
knows if it's stored in plain text?  This means the administrator (let
alone hackers) can easily see the password, and if you tend to use the
same account name at various places ... you get the idea.  I noticed,
for example, passwords are stored in plain text in mailman databases.
 
> I'm sure I'm not the only one in this position and the thought of
> remembering even 10 or 15 really strong passwords isn't the most
> appealing.

I don't know if you have a Palm Pilot, but check out

http://gnukeyring.sourceforge.net/index.html

As a side note, I used to work at a company where you were forced to
change your password about once a month, and it forced you to use
letters, numbers, no recycling etc.  I think about 97% of the
passwords in the building were 'monthyear', e.g. 'may2003'.  Too much
of a good thing, I guess.

-i
ianw@xxxxxxxxxxxxxxxxxx
http://www.gelato.unsw.edu.au
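
An added example, not part of the original post or anyone's production code: a sketch of keeping only a salted hash of each password, combined with a check that rejects the 'monthyear' pattern from the anecdote above. The function names, the record layout and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Month name or abbreviation followed by a 2- or 4-digit year, e.g. 'may2003'.
_MONTHS = ("jan(uary)?|feb(ruary)?|mar(ch)?|apr(il)?|may|june?|july?|"
           "aug(ust)?|sep(t(ember)?)?|oct(ober)?|nov(ember)?|dec(ember)?")
_MONTH_YEAR = re.compile(rf"^({_MONTHS})[\W_]*(\d{{2}}|\d{{4}})\W*$", re.IGNORECASE)

ITERATIONS = 600_000  # assumed work factor for this example; tune per deployment


def is_month_year(password: str) -> bool:
    """True for passwords that are just a month plus a year ('may2003', 'Sept-03!')."""
    return _MONTH_YEAR.match(password) is not None


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build the only thing that gets stored: a random salt and the derived hash."""
    if is_month_year(password):
        raise ValueError("password is a month/year pattern")
    salt = os.urandom(16)  # per-account salt, so equal passwords give different hashes
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash from the login attempt and compare in constant time."""
    candidate = _derive(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed sample input
    print(rec)                     # the administrator sees only salt and hash
    print(verify("correct horse battery staple", rec), verify("may2003", rec))
```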