On Mon, February 2, 2015 5:26 pm, Les Mikesell wrote:
> On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>> Let's flip it around: what's your justification *for* weak
>> passwords?
>>
> You don't need to write them down. Or trust some 3rd party password
> keeper to keep them. Whereas when 'not weak' is determined by
> someone else in the middle of trying to complete something, you are
> very likely to have to write it down.
>

Whereas I agree with you... Well, I tell my users when they set password
after I created account for them: the most important is that you can
memorize and type your password. I myself, however use rather strong
password (knocking on wood), and was never bugged by "weak password"
warning. Being sysadmin, and "paranoia" is in sysadmin's job description,
I tend to have all passwords different, neither of my regular user, or
root passwords ideally should never repeat anywhere, even on different
machines I administer. So I imminently am using encrypted password
storage. These days it is keepassx.

Just my $0.02

Valeri

PS I don't like though policies invented by bureaucrats having no
technical knowledge serving only to cover their backsides, like in
National Laboratories they require one to change password every 6 months,
and password should never be anything you used in the past. This doesn't
serve security, and is counter-productive. This policy for me indicates
that they declare explicitly that they maintain security of their systems
not too well, as a result of which your password likely can get
compromised...

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++