 |
 |
Do you suppose anyone has used your utility to name their dog? :-) Best practices in password management can be a pretty complicated subject. I think Bill raises a good point, that if you force people into using passwords that meet all the criteria for being hard to attack guess, then you end up with other undesirable results (e.g. writing the password down on a piece of paper that stays next to your computer). /rich >Steve mentioned the perennial problem of getting users to select and use "good" > passwords, however we might define that. One approach we've taken is to put >up > a web page that uses a perl script to generate random passwords that contain > numerals and special characters, but are somewhat pronounceable so it's easier > to remember. They aren't industrial-strength, and they aren't as easy to > remember as your dog's name, but I think they strike a decent compromise > between the two. If you want to have a look, see > http://lib7web.lib.msu.edu/sopp.htm. I certainly can't claim that none of our > users has their dog's name as their password, but at least we've provided them > with an alternative. > >Hope this helps some. >--Bill. >Bill Wheeler >Systems Programmer and Administrator >Michigan State University Libraries >E-mail: [log in to unmask] Phone: (517)432-6123 x 234