[unisog] [Fwd: Is the current password std flawed?]

Cooper F. Nelson cnelson at ucsd.edu
Fri Feb 25 22:35:24 GMT 2005


Hi all,

I've migrated away from passwords in the last year and have focused 
exclusively on using public/private key authentication.  All the servers 
I administer have interactive logins disabled by default.  I only keep a 
password on my account so I can log in from the console.  All system 
accounts, including root, have their password locked. 

When one must use a password, consider mixing a typical mnemonic passwd 
into a pass phrase.

For example:

"Abandon all hope, \//h0Ev3r enters here"

or use a conveniently dead language that you spent three years studying 
in high school...

"Potius mori quam F0eD at r1!"

Not much harder to remember or type than a standard password, but much 
stronger.

-Cooper


