[Info-vax] Enhanced Password Management
Tim Lovern
1tim.lovern at gmail.com
Wed May 1 11:08:03 EDT 2019
On Wednesday, May 1, 2019 at 1:35:56 AM UTC-7, Phillip Helbig (undress to reply) wrote:
> In article <4ff0d5d3-8d1f-4e84-b31b-a0906b81ba4b at googlegroups.com>, IanD
> <iloveopenvms at gmail.com> writes:
>
> > Some folks have a fairly good password and just append digits at the end to
> > increment when a password change is forced
>
> Sometimes this is checked. Many people do this. Many people substitute
> 0 for O and 1 for I or l. In fact, the "standard" rules---at least one
> of each: upper case, lower case, number, extra character---are in
> practice in many if not most cases implemented like this: only first
> letter is uppercase, O is replaced with 0 or I with 1, there is a $ or &
> at the end.
>
> Longer is stronger. Not only are there more combinations of m^n if one
> makes n larger rather than m larger, but the corresponding password is
> easier to remember but also harder to crack. (Also, if the cracker
> KNOWS that the standard rules apply, it REDUCES the number of possible
> passwords.)
>
> https://xkcd.com/936/ says it all.
Yes, password entropy is a real thing. Most management types refuse to believe that the rules actually make it easier to break them.
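
The m^n comparison made in this thread, worked through as an added example (not part of the original posts). The 94-character printable-ASCII alphabet, the fixed pattern in `typical_pattern`, and the 2048-word list (11 bits per word, as in the xkcd comic) are assumptions chosen for illustration.

```python
import math
from itertools import combinations

# Printable-ASCII character classes (sizes only; space excluded). Assumed alphabet.
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 32}
ALPHABET = sum(CLASSES.values())  # m = 94

def unrestricted(n):
    """All length-n strings over the full alphabet: m^n."""
    return ALPHABET ** n

def rule_compliant(n):
    """Length-n strings with at least one character of every class,
    counted by inclusion-exclusion over the classes left out."""
    sizes = list(CLASSES.values())
    total = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            total += (-1) ** k * (ALPHABET - sum(excluded)) ** n
    return total

def mask(position_sizes):
    """Strings matching a fixed per-position pattern."""
    return math.prod(position_sizes)

def typical_pattern(n):
    """Assumed model of the habit described in the thread: uppercase first,
    lowercase body, one digit, then '$' or '&' as the final character."""
    return mask([26] + [26] * (n - 3) + [10] + [2])

def passphrase(words, wordlist_size=2048):
    """Words drawn at random from a list (2048 words = 11 bits each)."""
    return wordlist_size ** words

def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)

if __name__ == "__main__":
    rows = [
        ("any 8 characters", unrestricted(8)),
        ("8 chars, one of each class required", rule_compliant(8)),
        ("8 chars, typical pattern", typical_pattern(8)),
        ("4 random words", passphrase(4)),
    ]
    for label, count in rows:
        print(f"{label:38s} {bits(count):6.2f} bits")
```

Under these assumptions the rule itself removes only a fraction of a bit from the 8-character space, while the way people typically satisfy it leaves about 32.5 bits, against 44 bits for four random words.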