[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is a cryptic password always necessary?

Erik Ryberg <ryberg@seanet.com> writes:
ER> I have a home machine which I'm not too worried about security wise.  If
ER> I don't go on-line as root, is a difficult to type and remember password
ER> really necessary?

What do you mean by "go on-line as root"?  If your machine is
connected to a network you don't completely control, it's a potential
target, even if it's only by a dial-up connection.  You definitely
don't want to be connected to The World without a root password.  If
you are going to be connected to The World, you probably don't want to
be running service you don't need or use; I disallow unencrypted
telnet and rlogin connections, for example, since I use ssh for

This doesn't mean you need a "difficult to type and remember
password".  One might use a password like "Help!  I forgot my
password!", which would be written as "H!Ifmp!"  If you remember the
phrase, a mnemonic like this makes it relatively easy to remember the
actual (cryptic) password.

David Maze             dmaze@mit.edu          http://www.mit.edu/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

Reply to: