[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Spaces in passwords
Rabid Wombat wrote:
> On Thu, 18 Apr 1996, Jon Leonard wrote:
> >
> > The exception to this is when you may be overheard typing a password.
> > The space bar sounds different, and an attacker who knows you've used
> > a space has a significantly smaller search space.
> >
> > So I usually recommend avoiding space, @, #, and control characters
> > when generating passwords. Have I missed any or gotten too many?
>
> Why would you want to avoid #, @, etc. ?
Space sounds different, # is sometimes backspace, @ is sometimes kill-line,
and control characters often do strange things. Those are the only characters
I avoid, though.
For example, if you're using a teletype to change your password on a UNIX
system (or it _thinks_ you _might_ be using one), and use a password of
"O&]z@d#4", you've just set your password to "4". Control characters are
worse: ^S to lock your terminal, ^D to disconnect -- no fun.
> I have a hard enough time getting lusers to choose non-dictionary
> passwords that they can *remember* - one technique is to teach sub-100
> i.q. types to use two words, seperated by a #,@, etc., with a number
> tossed in: kill#pig1et, which isn't a dictionary word, but has a chance of
> being remembered without writing it on a sticky note and pasting it to
> the @#%&ing monitor.
It's hard. I'd really rather have longer pass{words,phrases} so that there's
the potential for lots of entropy without requiring line-noise for passwords.
Jon Leonard