Hi, Booth
At 07:08 PM 11/20/97 -0500, you wrote:
>on 11/20/97at 07:15 AM, the Great and Grand  Wazir "Kahn, David (kahn)"
><KAHN@tengizchevroil.com> said:
>
>
>The best defence against a dictionary attack is to set the system value
>QPWDRQDDGT to 1, to prevent plain English words being used. Try to devise
>a scheme using a combination of the QPWD* system values to enforce robust
>passwords without alienating your users by making it next to impossible
>to generate a memorisable valid password.
>
>What are good, useful tips to give to users to help them with their choice
>in passwords? Perhaps we can compile a handy-dandy list to be passed out? 
>My favorite tip is:
>
>- Use the first letter from each word in an easily memorized phrase.  For
>example: "I am John, aged 32" would become  "IaJa32".

I replace letters in a common word or name with a "similar" numeral. E.g.,
"o" becomes "0". The user defines what is "similar". "whatever" could
become "w49t3v3r", where "h" is "4" upside-down, "a" can be seen as
something like a "9", "3" is like a capital "E" in a mirror. Or, making "v"
a Roman numeral, we get "w49t353r".

I'm working, occasionally, on a porting a program that generates
"semi-pronounceable" passwords. It's standard stuff in Unicesócalled pwgen.
Could be used as part of an exit program from setting passwords, maybe.

Cheers

Vernon Hamberg
Systems Software Programmer
Old Republic National Title Insurance Company
400 Second Avenue South
Minneapolis, MN 55401
(612) 371-1111 x480


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].