RE: Passwords On Paper

From: Toby Miller (tmiller@va.prestige.net)
Date: 12/18/01


From: "Toby Miller" <tmiller@va.prestige.net>
To: "Derek Spransy" <spransd@ohs.orange.k12.nc.us>, <zeshan.ghory@btinternet.com>, <security-basics@securityfocus.com>
Date: Mon, 17 Dec 2001 21:48:00 -0500

All,
Keep in mind that we are talking about the average user here. The best place
I have seen is ... all over their cubicle/desk. Take a look at calendars,
magazines they look at, screensavers, etc. Most users want to make it easy
for them to remember and try to hide it (somewhat); that's why I search for the
not-so-obvious clues.

                                                                        Toby

-----Original Message-----
From: Derek Spransy [mailto:spransd@ohs.orange.k12.nc.us]
Sent: Sunday, December 16, 2001 5:34 PM
To: zeshan.ghory@btinternet.com; security-basics@securityfocus.com
Subject: Re: Passwords On Paper

If you let users choose their own passwords you will get things like:
Fluffly
Password
*UsersName*

We usually assign passwords like jmf94817, and we actually don't have too
many problems with users posting their passwords. We try to train them into
understanding the implications of someone getting their password. It seems
to work pretty well.

<<< Zeshan Ghory <zeshan.ghory@btinternet.com> 12/14 6:06p >>>
On Thu, Dec 13, 2001 at 02:29:44PM -0500, ProfesseurWoo@aol.com
(ProfesseurWoo@aol.com) wrote:
> Is anyone familiar with a government or private study that surveyed the
> top 10 places to store passwords that were written down on paper; e.g.
> under the keyboard, etc?

I would imagine that it would be very difficult to obtain enough
information to carry out such a survey effectively.

Personally, I have certainly seen passwords (with corresponding
user names) written on post-it notes stuck to monitors, on
whiteboards, and sometimes just scribbled down on random bits of paper
lying on a desk.

This is much more likely to occur if people are *given* passwords
instead of choosing their own.

Zeshan


