[ale] password management

Transam bob at verysecurelinux.com
Wed Jul 23 13:01:52 EDT 2003


On Wed, Jul 23, 2003 at 11:31:18AM -0400, Jonathan Rickman wrote:
> On Wednesday 23 July 2003 11:23, Jonathan Rickman wrote:
> > On Wednesday 23 July 2003 10:45, Christopher Bergeron wrote:
> > > What do you guys use (aside from LDAP or Radius)?  Any suggestions?

> > I find that this formula makes it easier to remember multiple passwords:

> > [keyword]+[month]+[hostname]

> > Example:

> > stR0nGk3yJULyabacus

Adding in the month only makes the password 12 times harder to guess.
Adding the host name makes it only twice as long (it's either used
in the password or not).
Randomly changing the capitalization only doubles the difficulties for
each letter involved.  Using "3" instead of "e", etc. has only a slight
effect.

> > I rotate the keyword 2-3 times a month.

Changing the password frequently can decrease security as it forces
one to pick easier-to-remember passwords.

> ...and add a punctuation mark at the beginning and end. Sorry.

That helps.  Add some punctuation in the middle too.

Use 24x7 monitoring to detect brute force attempts.
Limit remote access (e.g., SSH) to a short list of IPs of trusted systems.
Try to arrange for an account to be locked out after a short number of
incorrect guesses.

For lots of ideas on passwords, see Real World Linux Security, 2nd ed,
pages 27-29, 41-51.

> -- 
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale