Re: Is a cryptic password always necessary?
Erik Ryberg <ryberg@seanet.com> writes:
ER> I have a home machine which I'm not too worried about security wise. If
ER> I don't go on-line as root, is a difficult to type and remember password
ER> really necessary?
What do you mean by "go on-line as root"? If your machine is
connected to a network you don't completely control, it's a potential
target, even if it's only by a dial-up connection. You definitely
don't want to be connected to The World without a root password. If
you are going to be connected to The World, you probably don't want to
be running service you don't need or use; I disallow unencrypted
telnet and rlogin connections, for example, since I use ssh for
everything.
This doesn't mean you need a "difficult to type and remember
password". One might use a password like "Help! I forgot my
password!", which would be written as "H!Ifmp!" If you remember the
phrase, a mnemonic like this makes it relatively easy to remember the
actual (cryptic) password.
--
David Maze dmaze@mit.edu http://www.mit.edu/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
Reply to: