Re: Is a cryptic password always necessary?

To: debian-user@lists.debian.org
Subject: Re: Is a cryptic password always necessary?
From: "David Z. Maze" <dmaze@mit.edu>
Date: 25 Apr 2000 21:48:39 -0400
Message-id: <[🔎] 873do9pr7s.fsf@donut.mit.edu>
In-reply-to: Erik Ryberg's message of "Tue, 25 Apr 2000 17:47:23 -0700"
References: <[🔎] 39063C9B.EBCFBF22@seanet.com>

Erik Ryberg <ryberg@seanet.com> writes:
ER> I have a home machine which I'm not too worried about security wise.  If
ER> I don't go on-line as root, is a difficult to type and remember password
ER> really necessary?

What do you mean by "go on-line as root"?  If your machine is
connected to a network you don't completely control, it's a potential
target, even if it's only by a dial-up connection.  You definitely
don't want to be connected to The World without a root password.  If
you are going to be connected to The World, you probably don't want to
be running service you don't need or use; I disallow unencrypted
telnet and rlogin connections, for example, since I use ssh for
everything.

This doesn't mean you need a "difficult to type and remember
password".  One might use a password like "Help!  I forgot my
password!", which would be written as "H!Ifmp!"  If you remember the
phrase, a mnemonic like this makes it relatively easy to remember the
actual (cryptic) password.

-- 
David Maze             dmaze@mit.edu          http://www.mit.edu/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

Reply to:

References:
- Is a cryptic password always necessary?
  - From: Erik Ryberg <ryberg@seanet.com>

Prev by Date: Re: where is rc.local ?
Next by Date: Re: psutils and Postscript manipulation
Previous by thread: Re: Is a cryptic password always necessary?
Next by thread: Re: Is a cryptic password always necessary?
Index(es):
- Date
- Thread