Forcing password change on new users...
Henry Spencer
henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
Thu Jan 13 21:36:33 UTC 2005
On Thu, 13 Jan 2005, Christopher Browne wrote:
> > and (b) use minor variations on it thereafter instead of making up new
> > ones. Both of those practices are distinctly detrimental to security.
>
> I just got forced into a password change yesterday on AIX, and
> discovered that I wasn't permitted to have more than 2 characters of my
> password be the same as the old one.
> I'm not quite sure how someone would come up with a "minor" variation on
> that...
Oh, any number of ways -- they just get creative at higher levels. For
example, rotate through the names of the seven dwarfs (perturbed enough
to satisfy criteria about nonalphanumeric characters etc.).
Henry Spencer
henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list