On Wed, 2005-02-02 at 14:47 -0500, Daniel Carrera wrote: > But asking people to commit passwords to memmory is bad, as it makes > people choose insecure passwords. It means that you are securing against > an very improbable attack (physical espinonage) in exchange for becomming > vulnerable to a very likely attack (computer guessing your password).
It is not hard to think up secure passwords which are relatively easy to remember. My favorite is to come up with a nonsense phrase and select the first character of each word of the phrase as my password with random case changes and throwing in various mnemonic punctuation marks and numbers. The password is not entirely random, but its entropy is high enough to thwart almost all but the most determined guessing attacks. This is not 100% secure, but it is pretty close and especially when you change your password every few months or so. As always in security, it depends on what you are protecting. For my daily work this approach has proved good enough and I have never had anybody "guess" my passwords. -- Smoot Carl-Mitchell System/Network Architect email: [EMAIL PROTECTED] cell: +1 602 421 9005 home: +1 480 922 7313 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]