Mailinglist Archive: opensuse-security (58 mails)
Re: SPAM: Re: SPAM: Re: [suse-security] password memory
- From: "Thomas Jones" <securebuddha@xxxxxxxxx>
- Date: Wed, 2 Aug 2006 09:50:06 -0500
- Message-id: <69d4f0b40608020750q2a7d1c04t882b061a92d25a60@xxxxxxxxxxxxxx>
On 8/2/06, Geoffrey <esoteric@xxxxxxxxxxxx> wrote:
I think a lot of the people here are missing the point. The key to
password management is finding the most secure policy without
introducing further insecurities -- such as personnel writing down
passwords.
This is not to say that password policies are not effective ... just
that the policy must take into consideration the training personnel
have with regards to computer/network security, the value of the data
and/or systems being protected, and any environmental concerns such as
business culture.
A complete disregard for implementation of some type of security
policy is a fatal mistake. You just have to find that "sweet spot"
where you get the good without presenting more bad.
Geoffrey's implementation may not be perfect for every scenario or
environment; however, it is a good start. ;)
Thomas
John Andersen wrote:
> On Tuesday 01 August 2006 07:34, Geoffrey wrote:
>> Do the
>> typical substitutions and you can generate a relatively obscure password:
>>
>> There are 11 players on a football team and 9 on a baseball team.
>>
>> Ta11poafta9oabt.
>
> What's he talking about?
>
> BTFOM.
Substitutions as in a number one for the lowercase 'l', a zero for the
lower case 'o', the number 5 for the lowercase 's'. I didn't do any in
the above example because of the numbers that already existed in the phrase.
Point is, it's hard for anyone to remember a long password unless it's
something simple, say, their name. With the above approach anyone can
remember a phrase that makes sense to them. Even if their spelling is
incorrect, if they are consistent, it still works.
--
Until later, Geoffrey
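The phrase-to-password approach Geoffrey describes in the quoted message (first letter of each word, numbers kept whole, then the usual one/zero/five swaps for lowercase l/o/s), written out as a small Python helper. This is an added example, not code from the thread or from anyone on the list; the function names and the tokenizing rules are assumptions chosen so that Geoffrey's own sentence reproduces his "Ta11poafta9oabt." exactly.

```python
import re

# The three substitutions named in the quoted message: one for lowercase 'l',
# zero for lowercase 'o', five for lowercase 's'. Constructed table.
SUBSTITUTIONS = {"l": "1", "o": "0", "s": "5"}

# Words (contractions kept together), whole numbers, or a single punctuation mark.
_TOKEN = re.compile(r"[A-Za-z]+(?:'[A-Za-z]+)?|\d+|[^\w\s]")


def phrase_to_initialism(phrase: str) -> str:
    """Reduce a memorable sentence to its initial letters (hypothetical helper).

    Each word contributes only its first character (case preserved), a number
    is kept whole, and sentence punctuation such as the final '.' is kept, so
    the result picks up a symbol for free. Because only the first letter of a
    word matters, a consistently misspelled word yields the same result.
    """
    out = []
    for tok in _TOKEN.findall(phrase):
        if tok.isdigit():
            out.append(tok)        # "11" and "9" stay as they are
        elif tok[0].isalpha():
            out.append(tok[0])     # first letter of the word
        else:
            out.append(tok)        # punctuation
    return "".join(out)


def apply_substitutions(text: str, table: dict = SUBSTITUTIONS) -> str:
    """Apply the fixed character swaps; only lowercase l/o/s are mapped."""
    return "".join(table.get(ch, ch) for ch in text)


def phrase_to_password(phrase: str, substitute: bool = True) -> str:
    """Full pipeline: initialism, then (optionally) the substitutions."""
    base = phrase_to_initialism(phrase)
    return apply_substitutions(base) if substitute else base


if __name__ == "__main__":
    phrase = "There are 11 players on a football team and 9 on a baseball team."
    print(phrase_to_password(phrase, substitute=False))  # Geoffrey's example
    print(phrase_to_password(phrase))                     # with o -> 0 applied
```

Running the sentence from the thread without substitutions gives "Ta11poafta9oabt.", and with them "Ta11p0afta90abt."; the same sentence with "footbal" and "basebal" misspelled gives the identical result, which is the consistency point Geoffrey makes. The three swaps are a fixed, well-known mapping, so they change the characters rather than add unpredictability; the strength of the result comes from how long and how personal the underlying phrase is.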