Forcing password change on new users...

Fraser Campbell fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Fri Jan 14 00:56:12 UTC 2005


On Thursday 13 January 2005 12:02, Christopher Browne wrote:

> I just got forced into a password change yesterday on AIX, and
> discovered that I wasn't permitted to have more than 2 characters of my
> password be the same as the old one.

I ran into something similar today with SLES8, it complained that the
passwords were "too similar" even though (IMO) they were exceedingly
different.  It might be that there were 2 common characters, annoying
whatever the designer's parameters were.

> I, of course, used automation for this; I have a password generator
> integrated into JPilot's keyring plugin, and this does an eminently nice

Another me too ... the human brain (well mine for sure) is pretty bad at 
generating randomness.  Too often schemes like replacing vowels with numbers, 
keyboard tricks, etc. get used ... tricks like that are hardly random and I'd 
bet the average password cracking program these days can decrypt such 
passwords without difficulty.

My choice for automation is pwgen, it's packaged for Debian, here's some 
example output:

  cheYae0e ahx0Efei lu6mohGu Ik7weogh neiV6sau Poom4equ Cue5zahh phu9Meir
  Ji4pheey gi8vahJo Pee1ooru waeb7Que eid4looK fuoV9now Ingushu6 deu8Kaen

The passwords are pronounceable (to some extent) and not based on dictionary
words.

-- 
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>                 http://www.wehave.net/
Georgetown, Ontario, Canada                               Debian GNU/Linux
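
An added illustration, not part of the original message and not the actual AIX or SLES8 check: assuming the rule is "refuse the new password if it shares more than two characters with the old one, regardless of position", this Python example applies that rule to the first row of the pwgen samples quoted above. The function names, the threshold constant and the position-independent counting are all assumptions.

```python
from collections import Counter

# First row of the pwgen output quoted in the message above.
OLD = "cheYae0e"
CANDIDATES = ["ahx0Efei", "lu6mohGu", "Ik7weogh", "neiV6sau",
              "Poom4equ", "Cue5zahh", "phu9Meir"]

# Assumed policy value: the real AIX/SLES8 threshold is not given in the thread.
MAX_SHARED = 2


def shared_chars(old, new, ignore_case=False):
    """Count characters the two passwords have in common, ignoring position.

    Multiset intersection: a character repeated in both counts once per
    matching occurrence.
    """
    if ignore_case:
        old, new = old.lower(), new.lower()
    return sum((Counter(old) & Counter(new)).values())


def too_similar(old, new, max_shared=MAX_SHARED, ignore_case=False):
    """True when the new password would be refused under the assumed rule."""
    return shared_chars(old, new, ignore_case) > max_shared


def rejected(old, candidates, max_shared=MAX_SHARED):
    """Return the candidates the assumed rule would refuse."""
    return [c for c in candidates if too_similar(old, c, max_shared)]


if __name__ == "__main__":
    for cand in CANDIDATES:
        verdict = "REJECT" if too_similar(OLD, cand) else "ok"
        print(f"{cand}  shared={shared_chars(OLD, cand)}  {verdict}")
    print(f"{len(rejected(OLD, CANDIDATES))} of {len(CANDIDATES)} "
          "random candidates refused")
```

Under this assumed rule two of the seven unrelated random passwords are refused purely through chance overlap, which is consistent with a "too similar" complaint about passwords that look nothing alike.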