Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fun With Passwords?

Posted by Cliff on from the fun-for-the-whole-BOFH-family dept.

eSims asks: "Most all SysAdmins have the pleasure of picking passwords and while we know the rules for picking good passwords we also know how to have a little fun with them as well. Password choices may be inside jokes about management, comments on the company, or just torture for the users we assign them to, but often they are funny. Without giving away the company secrets what are some of your funny stories about password selection?"

7 of 159 comments (clear)

  1. Experiment in Password Abuse by Nyhm · · Score: 4, Interesting

    Hypothesis:

    IT staff regularly reads user passwords (for fun, profit, bogus administration, lack of professionalism, total misunderstanding of why security requires the sanctity of private passwords).

    Try this experiment:

    1. Change your password(s) to something abusive toward the IT staff.
    2. Observe the IT staff (watch for them to become irate, agitated, angry, or any other such synonyhm).
    3. Change this password everywhere you've used it across the Internet

    Step 3, of course, brings into question the diligence of the user.

  2. Not especially funny, but might be useful by bairy · · Score: 5, Interesting
    I know this is drifting off topic but some people might find it useful

    I once read a tip about website passwords where you shouldn't have the same password for all sites that need a logic. One of the best suggestions I read was to have a password of say 4 characters, and intersperse the website name into it.

    e.g. if your password is 1234 and you're logging into download.com it might be 1d2o3w4l or if it's slashdot.com then 1s2l3a4s or if it's msn.com then 1c2r3a4p etc. It's different for all and harder to guess, and cos it's not a word, anyone watching the keyboard might not pick up on you typing it.

    --


    Get paid to search..It's geniune and
  3. Re:My own worst enemy by Curtman · · Score: 2, Interesting

    Well, if you've got Windows, you use a Windows CD, I don't remember the details, but Google's got instructions. If you've got Linux, you probably use Knoppix, mount the partition and clear the password out of /etc/shadow. If you got OS X, they were even nice enough to put a utility on the CD that lets you set the root password to blank.

    If you've got access to the box, you've got access to its data.

  4. Forgotten Passwords by brunson · · Score: 2, Interesting

    The only cool thing about Netware was the length of passwords you could use. I was in the habit of resetting forgotten user passwords to things like 'Icantbelieveiforgotmypassword' or 'boydoIfeellikeanidiot'.

    --
    09F911029D74E35BD84156C5635688C0
    Jesus loves you, I think you suck
  5. Fun, no, prudent, yes by FuckMeter · · Score: 3, Interesting

    I don't have any fun/funny password tales to share, but I can share a story about true password protection.

    The year was 1999. I was working at a computer-related company, I won't call it a "startup" or a "dotcom" but it was similar. There were three sysadmins, and the owner didn't trust any one admin with the ability to login as root by himself. So a compromise was reached.

    Each of the three admins chose a password. The three passwords were combined into one monster, master, root password. In order to login as root, all three admins needed to be present, to type their portion of the password in the correct order. Once all three admins typed in, a root login was achieved and whatever duty was necessary would be performed.

    So, what if one of the 3 admins got hit by a bus on the way to work? There was a contingency plan. Each of the three of us entrusted our password to one of the other two. In the event of an emergency, assuming two of the three admins were present, the full password could be reconstructed. For example,

    Admin A's password was apple, and he told that to Admin B

    Admin B's password was blueberry, and he told that to Admin C

    Admin C's password was cherry, and he told that to Admin A

    So if Admin B got runover by a train, Admin A and Admin C could still login as root (because Admin C knew Admin B's password part), change the root password, and do whatever needed to be done.

    The benefit was that, unless there was some sort of conspiracy, no one admin could ever login as root by himself and do anything crazy.

    --
    Rate Naked People at FuckMeter! (NSFW)

  6. Re:Funny Story.... by kris_lang · · Score: 3, Interesting
    Here's a -1 Truly Tragic story:

    I was at a place (up Chuck river) that was supposed to be reknowned for it's information processing savvy, Python and CORBA and other soupy-acronyms abounded everywhere. The sysadmin had the wacky idea of everyones' passwords on multiple machines being :

    First Initial + last Initial + initials of Research Program + last two numerals of year.

    Yes, I kid you not. Everyone had accounts on, oh about eight to ten unix machines, with all passwords immediately known by all fellow users. And before you get misty-eyed and say oh it was so long ago a trusting time, it was 1995. (which was a long time ago in internet time.)

  7. VMS by Aidtopia · · Score: 2, Interesting

    VMS had a password generator that made nonsense words that were (supposedly) pronounceable and thus memorable. As a result of the algorithm, it would often pick a real word (or a real word plus some extra syllables). Sometimes, the real word would be offensive.

    So the folks at DEC kindly put a naughty word filter into the generator (in many languages). But then there was the risk that people perusing the source code (it was available on microfiche) could be offended if they stumbled upong the naughty word table.

    So the folks at DEC obfuscated the naughty word table with something trivial like ROT13.

    That inevitably led to somebody circulating a program to decode the naughty word table, and a Usenet thread that taught us how to cuss in a dozen languages.