Forcing password change on new users...
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Fri Jan 14 02:34:00 UTC 2005
Henry Spencer wrote:
> On Thu, 13 Jan 2005, Christopher Browne wrote:
>
>>>and (b) use minor variations on it thereafter instead of making up new
>>>ones. Both of those practices are distinctly detrimental to security.
>>
>>I just got forced into a password change yesterday on AIX, and
>>discovered that I wasn't permitted to have more than 2 characters of my
>>password be the same as the old one.
>>I'm not quite sure how someone would come up with a "minor" variation on
>>that...
>
>
> Oh, any number of ways -- they just get creative at higher levels. For
> example, rotate through the names of the seven dwarfs (perturbed enough
> to satisfy criteria about nonalphanumeric characters etc.).
One way to generate unique passwords, is to run "ps aux|md5sum". Now
that the hard part is done, all you have to do, is remember the new
password. ;-)
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list