[quote]The best thing you can do is to disable password logins altogether.
Using public keys is much more secure and makes it *impossible* for a
dictionary attack to succeed.[/quote]
If someone can get my 40+ character password which includes symbols, numbers,
letters, lowercase, and uppercase... I'm impressed and deserve to be rooted :)
It's really not hard to remember complex passwords as long as you make them
sane; the only real risk you have is a key logger.
Start with something easy for you to remember, say the digits on the first
address you remember as a child, add in a phrase with capitalization that isn't
normal, replace some characters with symbols, toss something in hostname
specific, and tag some bonus characters on the end for posterity. Hell, even
using a phrase specific to you would be fine as long as it's not a quote or
something.
OnMondayINeedToBuyGroceriesAtIGAForLessThan100$toeat
I tend to put reminders to myself on the end of my passwords too... keeps me
from forgetting when to change it next.
blahblahblahex-pie-ers-ON7/24/07
The thing to watch is to not use things that can be run from a dictionary... like
quotes for instance, when doing a security audit I added a few quotes I had
heard used around the company by management and companynamesucks and such and
picked up about 4-5% more passwords with small variations... 1companysucks2
etc. For a similar reason chemical compositions are bad... even though the
resultant password LOOKS good... C8H10N4O2 looks pretty secure... but isn't at
all.
Personally, I prefer passwords to keys, although with enough computer power all
passwords are breakable through brute force given enough time... with a very
long complex password using a variety of caps, symbols, numbers, et al... it
can be realistically infeasible though.
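
The audit finding described above (passwords that are in-house phrases with small variations, such as 1companysucks2, or that merely look random, such as C8H10N4O2) can be screened for when a password is set. This is an added example, not part of the original post; the blocklist contents, the substitution table and the 0.6 coverage threshold are assumptions chosen for illustration.

```python
import re

# Constructed blocklist: in-house phrases and "looks random" strings that an
# auditor would add on top of a stock dictionary (sample values only).
BANNED = ["company", "companysucks", "thinkoutsidethebox", "c8h10n4o2"]

# Common character substitutions, undone before comparison (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# A banned term must make up at least this share of the normalised password,
# so a long passphrase is not rejected for containing one short word.
MIN_COVERAGE = 0.6  # assumed threshold


def candidates(password):
    """Normalised forms of the password that undo the usual small variations."""
    low = re.sub(r"\s+", "", password.lower())
    # Drop digits/symbols tacked onto the front or back: 1companysucks2.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def blocklist_hit(password, banned=BANNED):
    """Return the banned term the password is built on, or None."""
    forms = candidates(password)
    for term in sorted(banned, key=len, reverse=True):
        for form in forms:
            if form and term in form and len(term) >= MIN_COVERAGE * len(form):
                return term
    return None


if __name__ == "__main__":
    samples = ["1companysucks2", "C0mp@ny5ucks!", "C8H10N4O2",
               "OnMondayINeedToBuyGroceriesAtIGAForLessThan100$toeat"]
    for pw in samples:
        hit = blocklist_hit(pw)
        print(f"{pw!r}: {'reject, based on ' + hit if hit else 'no blocklist hit'}")
```

A miss here only means the password is not built on a listed term; it says nothing about its strength otherwise.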