Re: Recovery via Unrecovery

On Mon, 27 Aug 2007 22:51:57 +0100,
Chris Suslowicz <chris+news@xxxxxxxxxxxxx> wrote in
<C2F9060D96685E58C@xxxxxxxxxxxx>:

In article <favc9o$if0$1@xxxxxxxxxxxxxxxxxxxx>,
dj3vande@xxxxxxxxxxxxxxxxxxx (Dave Vandervies) wrote:

I once had an automated password strength checking system reject a
password that I had created with a pair of 8-sided dice and a lookup
table containing upper and lower case letters, decimal digits, and two
punctuation symbols. Something about a run of alphabetic characters
being too long.

MikeA, avert your eyes, please!

Or the recent upgrade to PN-NPS2 on one of the dinosaurs that introduced
a default "*NO* repeated letters permitted" rule.

I had to change my LoseDows password today: it had been too long since
I rebooted, something I never would have expected from LoseDows. Most
of the time it fails before I reboot it intentionally. At any rate, I
had to change the password, and the ruleset was kind enough to close
off a *lot* of the possible PW space.

I was Not Impressed. If the next one had been rejected as well, I would
have gone to the people who decreed the policy with a complaint along
the lines of "I give up, what IS the password I'm allowed to use?".

If you make the password rules /too/ Byzantine, people just start writing
the passwords on post-it notes.

Yes. After all, if Mal can get to the hard drive, then the password is
pretty much academic on a non-encrypted drive, innit?

I used to write my passwords down: 9 pairs of 6-sided dice throws. First
pair picks the lookup table. (Generated by sequentially filling a 6x6 grid
with the ($Security System permitted) characters picked out of a hat. I
think I omitted $CurrencySymbol to avoid codepage problems, and there
were always a couple of characters left in the hat after filling the table.
6 pages, 6 tables per page, generated during a long train journey when
I ran out of books to read.) Remaining 8 pairs index into that table.
Final sanity check (shuffle letters if it hits certain rules) and then
write the number down before changing the password.

A bit much. I use something mildly like S-key on some systems, and
cart the paper around with me. And the flash drive. And the copy on
the card in my Palm. And ... .

There's /a/ system which requires a physical dongle, an RSA token, *AND*
a 14-digit password (mixed case, alphanumeric + specials) at Ork which I
thankfully don't have to use....

True narapoia.

--
I had NANAE and ASR mixed up - I thought NANAE was the place
where Useful Information is not allowed. I've not seen much of it
here lately. -- Steve Sobol, in NANAE
.

Relevant Pages

  • Re: Recovery via Unrecovery
    ... I used to write my passwords down: 9 pairs of 6-sided dice throws. ... pair picks the lookup table. ... with the characters picked out of a hat. ... were always a couple of characters left in the hat after filling the table. ...
    (alt.sysadmin.recovery)
  • Re: VLOOKUP and repeating results
    ... There are spaces or other invisible characters in either the search arguments or the lookup table. ... Use absolute addresses for the lookup table, like $A$1:$B$20 instead of relative addresses like A1:B20. ... | corresponding New Account Number from sheet 1. ...
    (microsoft.public.excel.misc)
  • Re: Lookup Errors with exact match
    ... > which matchs a joined field in two files. ... > incorrect lookup values. ... index up to 20 characters per word, ...
    (comp.databases.filemaker)
  • Re: Pep 3105: the end of print?
    ... Python 2.3 and Python 3, ... three look-ups and 16 characters instead of always available, ... lookup, though given the probable time taken to do the I/O, why worry ...
    (comp.lang.python)
Loading