1996-04-19 - Re: Spaces in passwords

Header Data

From: Rabid Wombat <wombat@mcfeely.bsfs.org>
To: Jon Leonard <jleonard@divcom.umop-ap.com>
Message Hash: 3bc6722681077762b1630e79ff2de039df64a41363804e208342e0ac25c9994f
Message ID: <Pine.BSF.3.91.960418190151.603B-100000@mcfeely.bsfs.org>
Reply To: <9604181538.AA16305@divcom.umop-ap.com>
UTC Datetime: 1996-04-19 06:38:57 UTC
Raw Date: Fri, 19 Apr 1996 14:38:57 +0800

Raw message

From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 19 Apr 1996 14:38:57 +0800
To: Jon Leonard <jleonard@divcom.umop-ap.com>
Subject: Re: Spaces in passwords
In-Reply-To: <9604181538.AA16305@divcom.umop-ap.com>
Message-ID: <Pine.BSF.3.91.960418190151.603B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Jon Leonard wrote:

> > Ben Rothke writes:
> 
> The exception to this is when you may be overheard typing a password.
> The space bar sounds different, and an attacker who knows you've used
> a space has a significantly smaller search space.
> 
> So I usually recommend avoiding space, @, #, and control characters
> when generating passwords.  Have I missed any or gotten too many?  
> 
Why would you want to avoid #, @, etc. ?

I have a hard enough time getting lusers to choose non-dictionary 
passwords that they can *remember* - one technique is to teach sub-100 
i.q. types to use two words, seperated by a #,@, etc., with a number 
tossed in: kill#pig1et, which isn't a dictionary word, but has a chance of 
being remembered without writing it on a sticky note and pasting it to 
the @#%&ing monitor.

- r.w. 







Thread