[Wylug-help] Bad Passwords

Roger Greenwood rg at nthong.freeserve.co.uk
Thu Apr 12 22:41:25 BST 2007


Changing passwords on a network - here is what I do for the kids machine at 
home :-

login to their machine as yourself as normal, if not already logged in

change to root - command :- su
enter root password

change the relevant users password e.g.  passwd jerry
you are then asked for the new password twice, and warned if it is "bad". 
Because you are root you can ignore the warning. If not, forget what I just 
said - I am a beginner here.

I accept this because they are behind a software firewall, a hardware 
firewall, and an analog dialup connection to the danger (t'internet) zone!

Still waiting for broadband :(

On Thursday 12 April 2007 11:51, Trevor Noland wrote:
> Couldn't agree more that if you are going to use passwords at all you have
> to make them as safe as possible, so why do I want *easy* words?
> Psycology, I suppose.
> We are not on the net (yet), most people in our little lan think passwords
> are no use for anything more than wasting their time, so,...step by step.
> First get them used to using a password (you'd be surprised that four
> people, after having explained to them that having typed in their "key", as
> they call their username, they would be asked for their password, in fact
> tried to log in using their password as the user name, and phoned me to
> tell me that their new key wouldn't work).
> Then try to get them to not tell everyone else their password. Most seem to
> think that if you sit at someone else's computer you have to log in with
> their name. The difficulties in getting over this aparently insignificant
> obstacle are quite out of proportion. I know it's just a matter of
> education, but it takes time, you can't just tell them once and expect them
> to understand.
> In the end, convince them that their elected passwords are useless, and
> explain that a password difficult for them to remember will be even more
> difficult for someone else to guess (all this after convincing them of the
> need for security anyway).
> The final step will be to apoint them safer passwords, with a proper
> mixture of random upper and lower case letters and numbers, or a mneumonic
> "sentence into password" as suggested by Hanna D.
>
> It's a long process, and it would be nice be able to throw everyone
> straight in at the deep end, but I think it more prudent to guide them
> along step by step and have them with me rather than against me. Loyalty is
> important. Most sabotage attacks come from within rather than without. I
> want to keep it as friendly as possible, but still get where I want to go,
> even though it takes longer.
> Trevor.
>
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help at wylug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/wylug-help

-- 
Hacker's Law:
	The belief that enhanced understanding will necessarily stir a
nation to action is one of mankind's oldest illusions.




More information about the Wylug-help mailing list