[Wylug-help] Bad Passwords

Trevor Noland trevor at amaro.es
Thu Apr 12 11:58:32 BST 2007


Couldn't agree more that if you are going to use passwords at all you have
to make them as safe as possible, so why do I want *easy* words?
Psychology, I suppose.
We are not on the net (yet), most people in our little LAN think passwords
are no use for anything more than wasting their time, so,...step by step.
First get them used to using a password (you'd be surprised that four
people, after having explained to them that having typed in their "key", as
they call their username, they would be asked for their password, in fact
tried to log in using their password as the user name, and phoned me to tell
me that their new key wouldn't work).
Then try to get them to not tell everyone else their password. Most seem to
think that if you sit at someone else's computer you have to log in with
their name. The difficulties in getting over this apparently insignificant
obstacle are quite out of proportion. I know it's just a matter of
education, but it takes time, you can't just tell them once and expect them
to understand.
In the end, convince them that their elected passwords are useless, and
explain that a password difficult for them to remember will be even more
difficult for someone else to guess (all this after convincing them of the
need for security anyway).
The final step will be to appoint them safer passwords, with a proper mixture
of random upper and lower case letters and numbers, or a mnemonic "sentence
into password" as suggested by Hanna D.

It's a long process, and it would be nice to be able to throw everyone straight
in at the deep end, but I think it more prudent to guide them along step by
step and have them with me rather than against me. Loyalty is important.
Most sabotage attacks come from within rather than without. I want to keep
it as friendly as possible, but still get where I want to go, even though it
takes longer.
Trevor.



