Subject: Re: Password demands
To: None <netbsd-users@netbsd.org>
From: Richard Rauch <rkr@olib.org>
List: netbsd-users
Date: 02/23/2004 00:01:00

If I may make a suggestion:

Perhaps if you attack this from the other side?  Write a simple
password *generator* that mixes vowels and consonants to produce
something semi-pronounceable (but not a word).  Then a second pass
to sprinkle in some punctuation and numerals.

Ideally, it should probably be subjected to some kind of testing to
eliminate things that are too close to real words (maybe soundexing
it?).

I think that the reason that people use bad passwords is because
it's easy to pick a real word---or something close to it---but it
"feels" hard to make a random one.  If one is generated for you,
you only have to memorize it.  If it's semi-pronounceable, even
that isn't too hard.  If you're using it frequently, it'll work
its way into your neural pathways soon enough.

Then the password can either be offered, or forced, depending on
your local policy.


-- 
  "I probably don't know what I'm talking about."  http://www.olib.org/~rkr/
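
Added example (not part of the original message): a Python sketch of the two-pass generator and Soundex check suggested above. The letter sets, the SAMPLE_WORDS list and the rule that an exact Soundex match means "too close to a real word" are assumptions made for illustration.

```python
import secrets

VOWELS = "aeiou"
CONSONANTS = "bcdfghjklmnprstvwz"
EXTRAS = "23456789!#%+=?@"
# Constructed sample dictionary; a real deployment would load a full word list.
SAMPLE_WORDS = ["password", "secret", "dragon", "monkey", "letmein", "banana"]

CODES = {c: d for d, letters in enumerate(
    ["bfpv", "cgjkqsxz", "dt", "l", "mn", "r"], start=1) for c in letters}

def soundex(word):
    """American Soundex: first letter plus three digits."""
    word = "".join(c for c in word.lower() if c.isalpha())
    if not word:
        return ""
    out, prev = word[0].upper(), CODES.get(word[0])
    for c in word[1:]:
        code = CODES.get(c)
        if code and code != prev:
            out += str(code)
        if c not in "hw":          # h and w do not separate equal codes
            prev = code
    return (out + "000")[:4]

def syllables(n):
    """First pass: n consonant-vowel pairs drawn from the OS CSPRNG."""
    return "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                   for _ in range(n))

def sprinkle(base, count):
    """Second pass: insert `count` digits/punctuation at random positions."""
    chars = list(base)
    for _ in range(count):
        chars.insert(secrets.randbelow(len(chars) + 1), secrets.choice(EXTRAS))
    return "".join(chars)

def generate(n_syllables=5, n_extras=2, words=SAMPLE_WORDS):
    """Regenerate until the pronounceable base does not sound like a listed word."""
    banned = {soundex(w) for w in words}
    while True:
        base = syllables(n_syllables)
        if soundex(base) not in banned:
            return sprinkle(base, n_extras)
```

Soundex keys on the first letter and the next three coded consonants, so this filter only compares the start of the base against the word list.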