On 8/2/06, Geoffrey
John Andersen wrote:
On Tuesday 01 August 2006 07:34, Geoffrey wrote:
Do the typical substitutions and you can generate a relatively obscure password:
There are 11 players on a football team and 9 on a baseball team.
Ta11poafta9oabt.
What's he talking about?
BTFOM.
Substitutions as in a number one for the lowercase 'l', a zero for the lowercase 'o', the number 5 for the lowercase 's'. I didn't do any in the above example because of the numbers that already existed in the phrase.
Point is, it's hard for anyone to remember a long password unless it's something simple, say, their name. With the above approach anyone can remember a phrase that makes sense to them. Even if their spelling is incorrect, if they are consistent, it still works.
-- Until later, Geoffrey
I think a lot of the people here are missing the point. The key to password management is finding the most secure policy without introducing further insecurities -- such as personnel writing down passwords. This is not to say that password policies are not effective ... just that the policy must take into consideration the training personnel have with regard to computer/network security, the value of the data and/or systems being protected, and any environmental concerns such as business culture. A complete disregard for implementation of some type of security policy is a fatal mistake. You just have to find that "sweet spot" where you get the good without presenting more bad. Geoffrey's implementation may not be perfect for every scenario or environment; however, it is a good start. ;)

Thomas
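The phrase-to-password scheme quoted above, as an added example that is not part of the original thread: it takes the first letter of each word, keeps numbers whole, and optionally applies the three substitutions Geoffrey lists. The function names are hypothetical, and keeping punctuation attached to a word is an assumption based on the trailing period in "Ta11poafta9oabt."

```python
# Added illustration of the mnemonic scheme discussed in the thread.
# Function names are hypothetical; punctuation handling is an assumption.

# Substitutions named in the thread: 1 for 'l', 0 for 'o', 5 for 's' (lowercase only).
SUBSTITUTIONS = {"l": "1", "o": "0", "s": "5"}
PUNCTUATION = ".,;:!?"

# The example phrase from the thread.
PHRASE = "There are 11 players on a football team and 9 on a baseball team."


def mnemonic_password(phrase, substitute=False):
    """Build a password from a phrase the user can remember."""
    pieces = []
    for token in phrase.split():
        core = token.rstrip(PUNCTUATION)   # the word or number itself
        tail = token[len(core):]           # punctuation that followed it
        if core.isdigit():
            piece = core                   # numbers are kept whole: "11", "9"
        else:
            piece = core[:1]               # first letter, case preserved
            if substitute:
                piece = SUBSTITUTIONS.get(piece, piece)
        pieces.append(piece + tail)
    return "".join(pieces)


def character_classes(password):
    """Report which character classes a typical complexity policy would count."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    plain = mnemonic_password(PHRASE)
    print(plain, len(plain), sorted(character_classes(plain)))
    print(mnemonic_password(PHRASE, substitute=True))
```

Without substitutions the output matches the password in the quoted message, and it already contains upper case, lower case, digits and a symbol, which is why no substitutions were needed there.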