From: "Strong, Lee" <strongl at sddc.army.mil>
To: "'WSFA members'" <WSFAlist at keithlynch.net>
Subject: [WSFA] Re: Passwords (was Re: But on me it looks good)
Date: Thu, 18 Mar 2004 16:04:00 -0500
Reply-To: WSFA members <WSFAlist at keithlynch.net>

    Excellent advice, Keith.  I gave up words, including non-American
English and invented words, years ago.  I now use solid state random number
generators -- dice to the commons -- to generate random sequences of
letters, numbers and non-alphabetic symbols.  And, yes, I memorize them.
Our information assurance folks -- computer cops to the commons -- run
in-house password cracking programs and have nailed everyone in my section
at one time or another except me.  Lee

-----Original Message-----
From: Keith F. Lynch [mailto:kfl at keithlynch.net]
Sent: Thursday, March 18, 2004 3:45 PM
To: WSFA members
Subject: [WSFA] Passwords (was Re: But on me it looks good)

Lee Strong wrote:

> I was also talking to a techie today about computer security and
> passwords, and modestly allowed that "I'm weirder than your rules
> are."  She naturally agreed.  I didn't tell her about the time that
> I used Doc Smith character names as passwords.

I recommend against using any name that appears in any book, or
any word that appears in any dictionary, as a password.  Computer
criminals have been known to test every word in the dictionary and
every name in the phone book.  I wouldn't be surprised if they also
scan in works of fiction and use every name in them.  Automation makes
this easy.

A password consisting of eight or more random letters and digits
is best.  Be sure to memorize it, not write it down or store it in
another computer.  Trying all possible eight character combinations
is still way beyond the capability of any criminal.
--
Keith F. Lynch - http://keithlynch.net/
Please see http://keithlynch.net/email.html before emailing me.