Fun With Passwords?
eSims asks: "Most all SysAdmins have the pleasure of picking passwords and while we know the rules for picking good passwords we also know how to have a little fun with them as well. Password choices may be inside jokes about management, comments on the company, or just torture for the users we assign them to, but often they are funny. Without giving away the company secrets what are some of your funny stories about password selection?"
Hypothesis:
IT staff regularly reads user passwords (for fun, profit, bogus administration, lack of professionalism, total misunderstanding of why security requires the sanctity of private passwords).
Try this experiment:
1. Change your password(s) to something abusive toward the IT staff.
2. Observe the IT staff (watch for them to become irate, agitated, angry, or any other such synonym).
3. Change this password everywhere you've used it across the Internet.
Step 3, of course, brings into question the diligence of the user.
I once read a tip about website passwords where you shouldn't have the same password for all sites that need a login. One of the best suggestions I read was to have a password of say 4 characters, and intersperse the website name into it.
e.g. if your password is 1234 and you're logging into download.com it might be 1d2o3w4l or if it's slashdot.com then 1s2l3a4s or if it's msn.com then 1c2r3a4p etc. It's different for all and harder to guess, and cos it's not a word, anyone watching the keyboard might not pick up on you typing it.
I don't have any fun/funny password tales to share, but I can share a story about true password protection.
The year was 1999. I was working at a computer-related company, I won't call it a "startup" or a "dotcom" but it was similar. There were three sysadmins, and the owner didn't trust any one admin with the ability to login as root by himself. So a compromise was reached.
Each of the three admins chose a password. The three passwords were combined into one monster, master, root password. In order to login as root, all three admins needed to be present, to type their portion of the password in the correct order. Once all three admins typed in, a root login was achieved and whatever duty was necessary would be performed.
So, what if one of the 3 admins got hit by a bus on the way to work? There was a contingency plan. Each of the three of us entrusted our password to one of the other two. In the event of an emergency, assuming two of the three admins were present, the full password could be reconstructed. For example,
Admin A's password was apple, and he told that to Admin B
Admin B's password was blueberry, and he told that to Admin C
Admin C's password was cherry, and he told that to Admin A
So if Admin B got run over by a train, Admin A and Admin C could still login as root (because Admin C knew Admin B's password part), change the root password, and do whatever needed to be done.
The benefit was that, unless there was some sort of conspiracy, no one admin could ever login as root by himself and do anything crazy.
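The escrow ring from the story above, modelled as an added example that is not part of the original post: it shows that each admin alone already holds two of the three parts, and compares that with a 2-of-3 Shamir secret sharing split, where a lone share fits every possible secret. Shamir's scheme is swapped in here as an alternative, not something the poster's company used; the function names and the demo secret are assumptions.

```python
import secrets
from itertools import combinations

# Constructed from the story: each admin's own part, and whose part each
# admin was additionally told for emergencies (holder -> owner of extra part).
PARTS = {"A": "apple", "B": "blueberry", "C": "cherry"}
ESCROW = {"A": "C", "B": "A", "C": "B"}

def parts_known(coalition):
    """Owners whose password parts a group of admins can supply together."""
    return set(coalition) | {ESCROW[a] for a in coalition}

def ring_exposure():
    """Number of the 3 parts held by every group of one or two admins."""
    return {"".join(c): len(parts_known(c))
            for n in (1, 2) for c in combinations(sorted(PARTS), n)}

# 2-of-3 Shamir sharing over a prime field (alternative, not the poster's scheme).
P = 2**127 - 1  # Mersenne prime; the secret must be smaller than this

def split_2_of_3(secret):
    """Shares are points (x, f(x)) on the line f(x) = secret + slope*x mod P."""
    slope = secrets.randbelow(P)
    return [(x, (secret + slope * x) % P) for x in (1, 2, 3)]

def recover(share1, share2):
    """Interpolate the line through two distinct shares and evaluate at x = 0."""
    (x1, y1), (x2, y2) = share1, share2
    inv = pow((x2 - x1) % P, -1, P)
    return (y1 * x2 - y2 * x1) * inv % P

def slope_consistent_with(share, candidate_secret):
    """Slope that makes a lone share fit any candidate secret (one always exists)."""
    x, y = share
    return (y - candidate_secret) * pow(x, -1, P) % P

if __name__ == "__main__":
    print("ring scheme, parts held:", ring_exposure())
    secret = int.from_bytes(b"root-pw-demo", "big")  # constructed demo secret
    shares = split_2_of_3(secret)
    for a, b in combinations(shares, 2):
        print("shares", a[0], b[0], "recover secret:", recover(a, b) == secret)
    wrong = secret + 1
    m = slope_consistent_with(shares[0], wrong)
    print("share 1 also fits a wrong secret:", (wrong + m) % P == shares[0][1])
```

In the ring scheme a single admin only has to obtain one remaining part; with the threshold split, one share alone carries no information about the root secret.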
I was at a place (up Chuck river) that was supposed to be renowned for its information processing savvy, Python and CORBA and other soupy-acronyms abounded everywhere. The sysadmin had the wacky idea of everyone's passwords on multiple machines being:
First Initial + last Initial + initials of Research Program + last two numerals of year.
Yes, I kid you not. Everyone had accounts on, oh about eight to ten unix machines, with all passwords immediately known by all fellow users. And before you get misty-eyed and say oh it was so long ago a trusting time, it was 1995. (which was a long time ago in internet time.)