On Tuesday 01 August 2006 17:09, suse@rio.vg wrote:
> Even one step better is the idea of "passphrases" rather than passwords. It's much easier for someone to remember a simple phrase than "k4M3.HhZ". If you have, for instance, someone enamored of a certain Chicago sports team, their passphrase could be "Da'Bears are Da'Bestest!" If someone has a poor memory for things, have them pick something that rhymes or a mnemonic.
In principle, that's good advice, but most people, besides not being able to spell correctly (or even incorrectly), can't remember HOW they misspelled their passphrase. The end is: they write it down. But using a phrase, or the first letters of all the words in this phrase or something equally irritating ;), seems to be the better choice (better than making them change their pwd every so often).
> To be honest, though, I haven't seen a real dictionary attack in many years. Mostly, it's people knocking on port 22 looking for a passwordless account. (Or ones with the password "password" or "guest")
Here I must contradict you: about every two to three weeks some machine or other starts dict attacks on any number of my firewalls. The logs are full of "unknown user" and "wrong password" lines in rapid succession.

Greetings from Vienna
Wolfgang
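The log pattern described in the reply above (failed logins in rapid succession from one machine) can be picked out with a sliding-window count per source address. This is an added example, not part of the original e-mail; the OpenSSH-style log lines, the addresses, the year, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in OpenSSH syslog style (assumed format, not from the e-mail).
SAMPLE_LOG = """\
Aug  1 17:01:02 fw1 sshd[811]: Invalid user admin from 192.0.2.10
Aug  1 17:01:03 fw1 sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Aug  1 17:01:05 fw1 sshd[813]: Failed password for invalid user test from 192.0.2.10 port 40120 ssh2
Aug  1 17:01:06 fw1 sshd[815]: Failed password for root from 192.0.2.10 port 40131 ssh2
Aug  1 17:01:07 fw1 sshd[817]: Failed password for invalid user guest from 192.0.2.10 port 40140 ssh2
Aug  1 17:05:00 fw1 sshd[900]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Aug  1 17:45:00 fw1 sshd[950]: Failed password for alice from 198.51.100.7 port 51010 ssh2
Aug  1 17:46:00 fw1 sshd[960]: Accepted password for alice from 198.51.100.7 port 51020 ssh2
"""

# Only "Failed password" lines are counted, so an "Invalid user" line that
# precedes the same attempt is not counted twice.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_bursts(log_text, threshold=4, window_s=60, year=2006):
    """Return {ip: usernames tried} for sources with at least `threshold`
    failed logins inside any `window_s`-second span."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username the source has tried
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the year is supplied as an assumption.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, q = m["ip"], recent[m["ip"]]
        q.append(ts)
        users[ip].add(m["user"])
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()          # drop failures that fell out of the window
        if len(q) >= threshold:
            flagged[ip] = users[ip]
    return {ip: sorted(names) for ip, names in flagged.items()}

if __name__ == "__main__":
    for ip, names in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} usernames tried: {', '.join(names)}")
```

A user who mistypes a password twice in an hour (198.51.100.7 in the sample) stays below the threshold, while the source cycling through account names within seconds is reported.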